This page describes the format of the Common Log Format. Each line in the log file represents a single request for an item. This may be an html file, a graphic, a CGI invocation, etc. An entry has the following format (in this order):
remotehost rfc931 authuser [date] "request" status bytes
Where:
remotehost => Remote hostname (or IP number if DNS hostname is not available, or if DNSLookup is Off.
rfc931 => The remote logname of the user. The next item will always be a dash for security and privacy reasons.
authuser => The username as which the user has authenticated himself. This is ONLY available on web pages that are password protected, and the "login name" is the ID they used to gain access, not their real login name. It will normally be a dash.
[date] => Date and time of the request.(LocalTime, but can be changed to GMT by the server). The format is: [Day/Mon/Year:HH:MM:SS TZ]
"request" => The request line exactly as it came from the client. It is enclosed in double quotes and will normally start with the word GET (which means it was a file request). You may instead see other words (POST, HEAD, etc.). That is followed by the filename, and then the HTTP version.
status => The HTTP status code returned to the client. Possible result codes include: 200 - Document follows; 302 - Redirect; 304 - Use local copy; 400 - Bad request; 401 - Requires a password; 403 - Forbidden; 404 - Not found; 500 - Server error
bytes => The content-length of the document transferred - number of bytes sent..
So now that you have a raw log file, what can you do with it? Well, you can import the data into a spreadsheet or database to perform your own analysis, or you can obtain your own log file analyzer to run on your own computer.