09 Nov 2018

Learn about domlogs on your Web Server

Ever wondered huge pile of logs occupying gigabytes or space inside apache directory? These are Domain Logs Abbreviated as domlogs. Web Statistics are stored in these logs which includes attributes like IP Address, Identity, Date/Time, Request, etc. These stats are very helpful in filtering the traffic hitting on your website. Domlogs can be found under the domlogs directory in apache logs. Path will be /var/log/apache/domlogs/

Domlogs are stored separately for each domain in the separate file for HTTP and HTTPS traffic.

Domlog for single request looks like below.

106.77.92.168 – – [10/Oct/2018:13:48:04 +0530] “GET /wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.5.7 HTTP/1.1” 200 149051 “-” “Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36”

Reading domlog without prior knowledge about its contents will look weird for anyone. We will all the parts of the domlog request below. We have marked the various sections of domlog using numbers from 1 to 8 for the better experience.

domlog request

  1. IP Address: The IP Address of the requester i.e. 106.77.92.168
  2. Identity: These two dashes are for two different ways of determining the identity of the requester. The first one is unreliable and always a – (meaning unknown) and the second one will be replaced with a username if HTTP authentication is used.
  3. Date and Time: It includes the date and time, including the universal time offset i.e. TimeZone.
  4. Request: This shows the request. This means the request is using HTTP 1.1 to get the layerslider.css file.
  5. HTTP Status Code: This shows up the status of the request. In our case, the request shows up  200 code which means “OK” and the request is successful.
  6. Size of the file: This field tells the size of the file in bytes excluding the headers
  7. Page previously visited: This field shows the site that referred the user (the page they were on last). In this case blank (-) field indicates that the user entered the URL directly in the address bar.
  8. Browser Identity: This field shows you the details of the identity of the browser which is making the request to the website.

Hope this puts some light on the domlogs.