4. HTTP Server
Web Log
GET /index.html HTTP/1.1
Host: www.cdti.ac.th
.......
HTTP/1.1 200 OK
.......
Reference: https://www3.ntu.edu.sg/home/ehchua/programming/webprogramming/http_basics.html
5. Alice, Bob and Eve
[Diagram: Alice, Bob, and Eve (Eavesdropper); arrow label: data to Bob]
7. NCSA Common Log format
(used in Apache httpd)

| Field | Sample | Description |
|---|---|---|
| Remote host address | 192.168.1.1 | The IP address of the client that made the request. |
| Remote log name | - | Not used. This value is always a hyphen. |
| User name | Sarayut | The name of the authenticated user that accessed the server. Anonymous users are indicated by a hyphen. The best practice is for the application always to provide the user name. |
| Date, time, and Greenwich mean time (GMT) offset | [10/Oct/1999:21:15:05 +0500] | The local date and time at which the activity occurred. The offset from Greenwich mean time is also indicated. |
| Request and protocol version | "GET /index.html HTTP/1.0" | The request made by the client and the HTTP protocol version that the client used. |
| Service status code | 200 | The HTTP status code. (A value of 200 indicates that the request completed successfully.) |
| Bytes sent | 1043 | The number of bytes sent by the server. |

Example:
172.21.13.45 - MicrosoftJohnDoe [07/Apr/2004:17:39:04 -0800] "GET /scripts/iisadmin/ism.dll?http/serv HTTP/1.0" 200 3401
125.125.125.125 - dsmith [10/Oct/1999:21:15:05 +0500] "GET /index.html HTTP/1.0" 200 1043
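The fields in the table above, together with the optional referer, user agent and cookies fields that the NCSA extended log format appends to them, can be parsed as shown here. This is an added example, not part of the original slides: `parse_ncsa`, `LOG_RE` and `SAMPLES` are names chosen for illustration, and the treatment of `-` in the bytes field and of `\"` inside quoted values are assumptions about the server.

```python
import re
from datetime import datetime

# Quoted field body; assumes an embedded quote is logged as \" (Apache httpd style).
Q = r'(?:[^"\\]|\\.)*'
# Common format, then the optional extended fields: referer, user agent, cookies.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>' + Q + r')" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>' + Q + r')" "(?P<user_agent>' + Q + r')"'
    r'(?: "(?P<cookies>' + Q + r')")?)?\s*$'
)

def parse_ncsa(line):
    """Parse one NCSA common or extended log line; return None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # do not guess at the fields of a malformed line
    rec = m.groupdict()
    # A hyphen means "no value" (unused log name, anonymous user, no referer).
    for key in ("logname", "user", "referer", "user_agent", "cookies"):
        if rec[key] == "-":
            rec[key] = None
    rec["status"] = int(rec["status"])
    # Assumption: "-" in the bytes field means no body was sent.
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    try:
        # Keep the GMT offset so entries from different servers sort correctly.
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # The request field carries method, resource and protocol version.
    parts = rec["request"].split(" ")
    if len(parts) != 3:
        parts = [None, None, None]
    rec["method"], rec["resource"], rec["protocol"] = parts
    return rec

# The first two lines are the slide's samples; the third is constructed by
# appending the slide's extended-field sample to the second line.
SAMPLES = [
    '172.21.13.45 - MicrosoftJohnDoe [07/Apr/2004:17:39:04 -0800] "GET /scripts/iisadmin/ism.dll?http/serv HTTP/1.0" 200 3401',
    '125.125.125.125 - dsmith [10/Oct/1999:21:15:05 +0500] "GET /index.html HTTP/1.0" 200 1043',
    '125.125.125.125 - dsmith [10/Oct/1999:21:15:05 +0500] "GET /index.html HTTP/1.0" 200 1043 "http://www.ibm.com/" "Mozilla/4.05 [en] (WinNT; I)" "USERID=CustomerA;IMPID=01234"',
]

if __name__ == "__main__":
    for rec in map(parse_ncsa, SAMPLES):
        print(rec["host"], rec["user"], rec["time"].isoformat(), rec["resource"], rec["status"], rec["bytes"], rec["cookies"])
```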
8. NCSA extended log format
| Field | Sample | Description |
|---|---|---|
| Referer | "http://www.ibm.com/" | The URL which linked the user to your site. (Optional) |
| user_agent | "Mozilla/4.05 [en] (WinNT; I)" | The Web browser and platform used by the visitor to your site. (Optional) |
| cookies | "USERID=CustomerA;IMPID=01234" | Cookies are pieces of information that the HTTP server can send back to the client along with the requested resources. A client's browser may store this information and subsequently send it back to the HTTP server upon making additional resource requests. The HTTP server can establish multiple cookies per HTTP request. |

Example:
"http://www.ibm.com/" "Mozilla/4.05 [en] (WinNT; I)" "USERID=CustomerA;IMPID=01234"
9. W3C Log format
(used in IIS)

Header:
#Software: Microsoft HTTP Server API 2.0
#Version: 1.0
#Date: 2002-05-02 17:42:15
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)

Detail:
2023-03-06 00:00:00 W3SVC1 HCISAPP1 192.168.2.11 GET / - 80 - 192.168.2.10 HTTP/0.9 - - - - 200 0 0 703 7 0
2023-03-06 00:00:02 W3SVC1 HCISAPP1 192.168.2.11 HEAD / - 80 - 192.168.2.10 HTTP/1.1 Mozilla/5.0+(compatible;+PRTG+Network+Monitor+(www.paessler.com);+Windows) UserCulture=en-US - 172.31.162.101 200 0 0 247 223 0
...

| Prefix | Meaning |
|---|---|
| c | Client |
| s | Server |
| r | Remote |
| cs | Client to Server |
| sc | Server to Client |
| sr | Server to Remote Server |
| rs | Remote Server to Server |
| x | Application specific identifier |
12. Other activity data related to the web server

| Name | Description |
|---|---|
| Windows Event Log | OS-level log of Windows Server (for example, the event log of a Windows-based web server) |
| Syslog | The log standard commonly used on Unix/Linux systems and network devices |
| Database Log | Applies when the web server connects to a database |
| Firewall Log | Logs of the related firewalls; the format usually differs between firewall brands |
| Load balancer Log | Logs of the related load balancers; the format usually differs between load balancer brands |
| Proxy Log | Logs of the related proxy servers, both proxy servers for general users and reverse proxies |
| Wifi Access Point | Authentication log for internal users who connect through a Wi-Fi access point |
13. Windows Event Log
Logging is the act of keeping a log of events that occur in a computer system, such as problems, errors or just information on current operations.
Windows Event log type:
- Application Log
- System Log
- Security Log
- Setup Log
Event Viewer
14. Examples of Event Log entries that need attention

| Logged | Source | Message |
|---|---|---|
| 2023-03-06 11:52:11 PM | MSSQLSERVER | Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 217.64.30.89] |
| 2023-03-06 11:52:11 PM | MSSQLSERVER | Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 217.64.30.89] |

| Logged Date | Computer | Message |
|---|---|---|
| 2023-03-10 6:03:13 AM | XISDB | Recovery completed for database xlab (database ID 98) in 2 second(s) (analysis 452 ms, redo 250 ms, undo 930 ms [system undo 5D0D00000A000000070000004800430049005300440042000000070000006D00610073007400650072000000 ms, regular undo %8 ms].) This is an informational message only. No user action is required. |
| 2023-03-10 6:03:13 AM | XISDB | Recovery completed for database xdep432 (database ID 36) in 2 second(s) (analysis 419 ms, redo 0 ms, undo 805 ms [system undo 5D0D00000A00000007000000480043004900530044004200000000000000 ms, regular undo %8 ms].) This is an informational message only. No user action is required. |