HTTP access logging

You can configure access log settings for HTTP endpoints. An HTTP access log contains a record of all inbound client requests that are handled by HTTP endpoints.

You can enable access logging in the Open Liberty Server in two modes, a single log for multiple endpoints or one log for each endpoint. If you do not specify attributes, the defaults are used. To see a list of the default attributes, see httpAccessLogging.

HTTP access log settings

Using a common log

To enable logging for multiple endpoints with common settings, include httpAccessLogging as a top-level element in your server.xml file, and then reference it from multiple httpEndpoint elements, as shown in the following example:

<httpAccessLogging id="accessLogging"/>
<httpEndpoint id="defaultHttpEndpoint" accessLoggingRef="accessLogging" httpPort="9080" httpsPort="9443"/>
<httpEndpoint id="otherHttpEndpoint" accessLoggingRef="accessLogging" httpPort="9081" httpsPort="9444"/>

Using distinct logs for each endpoint

To enable logging for individual endpoints, use an accessLogging child element and specify a file path that does not conflict with other logs, as shown in the following example:

<httpEndpoint id="defaultHttpEndpoint" httpPort="9080" httpsPort="9443">
    <accessLogging filepath="${server.output.dir}/logs/http_defaultEndpoint_access.log"/>
</httpEndpoint>

HTTP access log format

Use the accessLogFormat property to specify the information and format you want to include in the NCSA access log for an HTTP transport channel. The value for this property is a space-separated list of options.

This log format string is specified by using the logFormat attribute of httpAcccessLogging or accessLogging elements in the server.xml file, as shown in the following examples:

<httpAccessLogging logFormat='%h %u %{t}W "%r" %s %b %D %{R}W'/>

<httpEndpoint id="defaultHttpEndpoint" httpPort="9080" httpsPort="9443">
   <accessLogging filepath="${server.output.dir}/logs/http_defaultEndpoint_access.log"
                  logFormat='%h %i %u %t "%r" %s %b %D %{R}W' />
</httpEndpoint>

The following table lists the available log format options.

Log format option Description

Log format option	Description
%a	The remote IP address
%A	The local IP address
%b	The response size in bytes excluding the headers
%B	The response size in bytes excluding the headers. If no value is found, `0` is printed instead of `-`.
%{CookieName}C or %C	The request cookie that is specified within the brackets. If the brackets are not included, print all of the request cookies.
%D	The elapsed time of the request, in microseconds
%h	The remote host
%i or %{HeaderName}i	The `HeaderName` header value from the request
%m	The request method
%o or %{HeaderName}o	The `HeaderName` header value from the response
%q	Output the query string with any password masked
%r	The first line of the request
%{remote}p	The ephemeral port of the client that made the request
%{R}W	Service time of the request from the moment the request is received until the first set of bytes of the response is sent - millisecond accuracy, microsecond precision
%s	The status code of the response
%t	The start time of the request, in NCSA format
%{t}W	The end time of the request, in NCSA format
%u	The remote user according to the Open Liberty-specific `$WSRU` header
%U	The URL Path, not including the query string
%{X}W	The Cross Component Tracing (XCT) Context ID

The remote IP address

The local IP address

The response size in bytes excluding the headers

The response size in bytes excluding the headers. If no value is found, 0 is printed instead of -.

%{CookieName}C or %C

The request cookie that is specified within the brackets. If the brackets are not included, print all of the request cookies.

The elapsed time of the request, in microseconds

The remote host

%i or %{HeaderName}i

The HeaderName header value from the request

The request method

%o or %{HeaderName}o

The HeaderName header value from the response

Output the query string with any password masked

The first line of the request

%{remote}p

The ephemeral port of the client that made the request

%{R}W

Service time of the request from the moment the request is received until the first set of bytes of the response is sent - millisecond accuracy, microsecond precision

The status code of the response

The start time of the request, in NCSA format

%{t}W

The end time of the request, in NCSA format

The remote user according to the Open Liberty-specific $WSRU header

The URL Path, not including the query string

%{X}W

The Cross Component Tracing (XCT) Context ID

Each option can be enclosed in quotation marks, but the quotation marks are not required. Unless otherwise noted, a value of - is printed for an option if the requested information cannot be obtained for that option.

The order that you specify the options determines the format of this information in the log. For example, you might specify the following directives as the value for the accessLogFormat property:

 %h %i %u %t "%r" %s %b %D %{R}W

Based on this setting, the NCSA access log includes the following information for each request in the specified order:

The remote host
The HeaderName header value from the request
The remote user according to the WebSphere Specific $WSRU header
The NCSA format of the start time of the request
The first line of the request
The status code of the response
The response size in bytes excluding headers
The elapsed time of the request in microseconds, end-to-end, including client and network time
The elapsed time in microseconds until the first bytes of the response are sent. This value is often a close approximation of application response time.