Re: what should be logged

From: Jim Pitkow (
Date: Fri, Dec 25 1998

Message-Id: <>
Date: Thu, 24 Dec 1998 21:28:39 PST
From: Jim Pitkow <>
Subject: Re: what should be logged


   Thanks - I'm taking what you sent and working it into a rough draft.
I'll post it in a few days.


At 02:07 AM 12/14/98 , Balachander Krishnamurthy wrote:
>at the last conf call i promised to send out my thoughts on what should be
>in logs. here is a first cut
>[This is output of the ongoing En Passant project at AT&T Labs--Research
> that also involves Jennifer Rexford and Ramon Caceres]
>Extended server logs typically gather the following fields:
>IP address or name of the client (remote host), date/time of the
>request, first line of the request (HTTP method and URL), response
>status code (200, 304, ...), number of bytes in the response
>[all of the above fields found in virtually all logs], 
>remote log and user's name (rarely present in logs), the referer
>field, user agent information (found sparingly).
>Additional items to be logged:
>        time at which request was received
>        time at which response creation began/ended
>For most applications the above might suffice but with HTTP/1.1 we need 
>more fields:
>        cache control headers including ETag, request/response directives
>        ranges specified in range requests
>        accept-encoding formats 
>        content negotiation headers (such as Accept-Language)
>During my talk at the Cambridge workshop I had mentioned a paper on 
>differences between HTTP/1.0 and HTTP/1.1 --- it is now available
>	Key Differences between HTTP/1.0 and HTTP/1.1 
>	AT&T Labs--Research Technical Memorandum 98.39.1
>	Balachander Krishnamurthy and Jeffrey C. Mogul and David M. Kristol
>A colleague of mine will sit in for me at the next conference call. I will
>be offline for 4 weeks starting tomorrow.