HTTP logging is much essential if you are using Weblogic as web server. Also you can use this feature to scrutinize the incoming requests coming to the server via external IPs. You can find the HTTP log (access.log) for any server within Weblogic domain. Enabling this can give a track who or what is trying to access your application from which IP and when. Go to this path:
Home-> Environment -> Servers
Select the server that you want to configure HTTP logging.
Go to Logging tab.
Find the sub-tab HTTP and click on that.
Go to Advanced section at the bottom of the pane. You will see the Format section.
Now click on Lock & Edit button in the Change Center at the top-left of the page. This will enable the drop down of the Format menu. Change it into Extended mode from Common format. This will help to use excess parameters to be shown within access.log.
Now you need to incorporate the necessary parameters in Extended Logging Format Details which are needed to be shown as column in access.log. There are several options you can choose from the below syntaxes, each of it will create a column with corresponding values:
c-ip: The IP address of the server.
cs-username: The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.
date : Date at which transaction completed, field has type <date>, as defined in the W3C specification.
time : Time at which transaction completed, field has type <time>, as defined in the W3C specification.
cs-method : The request method, for example GET or POST. This field has type <name>, as defined in the W3C specification.
cs-uri: The full requested URI. This field has type <uri>, as defined in the W3C specification.
sc-status: Status code of the response, for example (404) indicating a “File not found” status. This field has type <integer>, as defined in the W3C specification.
cs(User-Agent) : The browser type that the client used.
s-sitename: The Internet service name and instance number that was running on the client.
s-port: The Port number of the server.
time-taken: Time taken for transaction to complete in seconds, field has type <fixed>, as defined in the W3C specification.
sc-substatus: The substatus error code.
cs-host: The host header name, if any.
cs-version: The protocol version —HTTP or FTP —that the client used.