Re: strange encoded requests coming in to my server - like'


 



On Tue, May 31, 2011 at 10:35 AM, Jason Vas Dias <jason.vas.dias@xxxxxxxxx> wrote:
> But I had the impression from reading the documentation that the "access_log" was to
> record actual ACCESSes, i.e. for requests that at least pass the "is a valid HTTP request" test,
> and that non-requests, if logged at all, should appear only in the error_log.

A request that returns a 404 (or any other error code) is still a valid request. HTTPD cannot return an error response if there was no request for it.

> Indeed, for every such bad request received, I see error log entries like:
>
> [Tue May 31 07:11:22 2011] [error] [client 117.241.90.130] Invalid method in request \xb6\xb3\xde\xa9\xb4q&\x1c\xe1\xb4eX"7\xf1\xb4\x82\xd9\xd3\xce\x95\xf9|\x8f\xde\xb7\x1a\xe6\x92G3\xe84\x10]`\xc3
>
> so this is definitely "not a request" - I wouldn't have expected anything about this event in the
> access log, because no "access" to anything resulted from this event.

Anyone who does log analysis (read Awstats or similar) can tell you how important the errors in the access log are.
The error log is free-form; any part of the web server, including plugins, can write to it and they don't use the same format. This makes the log file very hard if not impossible to parse by machine.
The access log is only written to in the specific format defined in the configuration, which makes it easy to parse because every line can be expected to have the same format.
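
The point about the access log's fixed format, as an added example that is not part of the original message: a Python parser for Common Log Format lines that separates well-formed requests ending in an error status from request lines that are not HTTP at all. The sample lines are constructed; the client address and escaped bytes are taken from the error_log entry quoted above, while the LogFormat, the other addresses, the timestamps and the 501 status are assumptions.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request line" status bytes.
# The request field may contain backslash escapes (\xhh, \") written by the server.
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# A well-formed request line: METHOD SP target SP HTTP/x.y
REQUEST_LINE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')

# Constructed sample input (status codes and timestamps are assumptions).
SAMPLE_LOG = r'''
192.0.2.10 - - [31/May/2011:07:10:58 +0000] "GET /index.html HTTP/1.1" 200 5120
117.241.90.130 - - [31/May/2011:07:11:22 +0000] "\xb6\xb3\xde\xa9\xb4q&\x1c\xe1\xb4eX\"7\xf1" 501 215
192.0.2.10 - - [31/May/2011:07:11:40 +0000] "GET /missing.html HTTP/1.1" 404 209
117.241.90.130 - - [31/May/2011:07:12:03 +0000] "\x95\xf9|\x8f\xde\xb7\x1a\xe6" 501 215
'''.strip().splitlines()

def parse(line):
    """Return the named fields of one access log line, or None if it does not fit."""
    m = CLF.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """'malformed' = not an HTTP request line; 'error' = valid request, 4xx/5xx reply."""
    if not REQUEST_LINE.match(entry["request"]):
        return "malformed"
    return "error" if entry["status"][0] in "45" else "ok"

def summarize(lines):
    """Count each class of line and tally which hosts sent malformed request lines."""
    counts, malformed_hosts = Counter(), Counter()
    for line in lines:
        entry = parse(line)
        if entry is None:
            counts["unparsed"] += 1
            continue
        kind = classify(entry)
        counts[kind] += 1
        if kind == "malformed":
            malformed_hosts[entry["host"]] += 1
    return counts, malformed_hosts

if __name__ == "__main__":
    counts, hosts = summarize(SAMPLE_LOG)
    print(dict(counts))
    print(hosts.most_common())
```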
