访问日志格式化器(Apache / Nginx)
指导
访问日志格式化器(Apache / Nginx)
粘贴原始的Apache或Nginx访问日志行,立即将其转换为结构化、可排序的表格。访问日志格式器会检测每行日志是采用通用日志格式(CLF)还是合并日志格式(Apache默认格式),然后将每条记录拆分为清晰的列:IP地址、日期/时间、请求方法、路径、状态码、字节数、referrer和用户代理。可通过状态码分组进行过滤,点击任意列标题即可排序,仅导出你关心的行作为CSV文件。
如何使用
- 将你的原始访问日志行粘贴到输入框中,或上传日志文件。
- 离开 日志格式 在自动检测模式下,或如果服务器使用固定格式,则可将其固定为CLF或合并格式。
- 使用 状态码过滤 选择下拉菜单以缩小结果到特定状态码分组(例如, 4xx客户端错误 在查找损坏链接时使用)。
- 点击任意列标题以按IP地址、日期/时间、状态码、字节数或其他字段排序。
- 点击 Download CSV 以将当前可见的行保存,用于在电子表格中进一步分析。
特征
- 自动检测CLF和合并格式 – 无需预先了解日志格式;自动识别Apache和Nginx的默认格式。
- 可排序列 – 点击任一列标题即可按IP地址、日期、状态码、响应大小等字段排序。
- 状态码过滤器 – 快速筛选出2xx成功、3xx重定向、4xx客户端错误或5xx服务器错误的请求。
- 状态码颜色高亮 – 状态码以颜色标识,异常情况一目了然。
- 过滤后行的CSV导出 – 下载你看到的精确内容,可直接导入Excel、Sheets或Pandas。
- 文件上传支持 – 可通过拖放方式直接拖入日志文件,而无需粘贴日志行。
- 完全在浏览器中运行 – 日志不会离开页面,因此敏感的IP地址和请求路径将保留在本地。
常问问题
-
What is the difference between Common Log Format (CLF) and Combined Log Format?
Common Log Format records the client IP, RFC 1413 ident, authenticated user, request timestamp, the request line, the HTTP status code, and response size in bytes. Combined Log Format adds two extra quoted fields at the end: the Referer header and the User-Agent header. Apache's default access log uses Combined; Nginx ships with a similar default it calls 'main', which is also Combined-compatible.
-
Why does an access log entry sometimes show a dash instead of a value?
A single hyphen ('-') in an access log means the field was not available. RFC 1413 ident is almost always a dash because the protocol is virtually unused, and the authenticated user is a dash for any unauthenticated request. The Referer and User-Agent are dashes when the client did not send those headers. The response size is a dash on requests that returned no body, such as a 304 Not Modified.
-
What do HTTP status code groups (1xx, 2xx, 3xx, 4xx, 5xx) mean?
Each digit class signals a category of response. 1xx is informational (rare in access logs), 2xx is success, 3xx is redirection, 4xx indicates a client-side error such as a missing resource or unauthorised request, and 5xx indicates a server-side error such as an internal exception or upstream failure. Filtering by group is a fast way to surface broken links (4xx) or backend incidents (5xx).
-
Why are access log timestamps wrapped in square brackets with an offset like -0700?
The Common Log Format timestamp uses the strftime pattern '[day/month/year:hour:minute:second zone]' where the zone is the server's offset from UTC. The square brackets and the trailing offset are part of the format itself, which is why parsers must treat the whole bracketed expression as one field. Storing the offset means the timestamp can be interpreted unambiguously even if the server later moves time zones.
