The access_log file lists each HTTP resource that is accessed by a web browser or client. Each line is in an extended version of the so-called "Common Log Format" used by many web servers and web reporting tools:
host group user date-time \"method resource version\" status
bytes ipp-operation ipp-status
10.0.1.2 - - [01/Dec/2005:21:50:28 +0000] "POST / HTTP/1.1" 200
317 CUPS-Get-Printers
successful-ok-ignored-or-substituted-attributes
localhost - - [01/Dec/2005:21:50:32 +0000] "GET /admin HTTP/1.1"
200 0 - -
localhost - - [01/Dec/2005:21:50:32 +0000] "POST / HTTP/1.1" 200
157 CUPS-Get-Printers
successful-ok-ignored-or-substituted-attributes
localhost - - [01/Dec/2005:21:50:32 +0000] "POST / HTTP/1.1" 200
1411 CUPS-Get-Devices -
localhost - - [01/Dec/2005:21:50:32 +0000] "GET /admin HTTP/1.1"
200 6667 - -
The host field will normally only be an IP address
unless you have enabled the HostNameLookups
directive in the cupsd.conf file or if the IP address
corresponds to your local machine.
The group field always contains "-".
The user field is the authenticated username of the requesting user. If no username and password is supplied for the request then this field contains "-".
The date-time field is the date and time of the request in local time and is in the format:
[DD/MON/YYYY:HH:MM:SS +ZZZZ]
The method field is the HTTP method used: "GET", "OPTIONS", "PUT", or "POST". "GET" requests are used to get files from the server, both for the web interface and to get configuration and log files. "OPTIONS" requests are used to upgrade connections to TLS encryption. "PUT" requests are used to upload configuration files. "POST" requests are used for web interface forms and IPP requests.
The resource field is the filename of the requested resource.
The version field is the HTTP specification version used by the client. For CUPS clients this will always be "HTTP/1.1".
The status field contains the HTTP result status of the request, as follows:
200 - Successful operation.201 - File created/modified successfully.304 - The requested file has not changed.400 - Bad HTTP request; typically this
means that you have a malicious program trying to access
your server.401 - Unauthorized, authentication
(username + password) is required.403 - Access is forbidden; typically
this means that a client tried to access a file or
resource they do not have permission to access.404 - The file or resource does not
exist.405 - URL access method is not allowed;
typically this means you have a web browser using your
server as a proxy.413 - Request too large; typically this
means that a client tried to print a file larger than the
MaxRequestSize
allows.426 - Upgrading to TLS-encrypted
connection.500 - Server error; typically this
happens when the server is unable to open/create a file -
consult the error_log file for details.501 - The client requested encryption
but encryption support is not enabled/compiled in.505 - HTTP version number not supported;
typically this means that you have a malicious program
trying to access your server.The bytes field contains the number of bytes in the request. For POST requests the bytes field contains the number of bytes of non-IPP data that is received from the client.
The ipp-operation field contains either "-" for non-IPP requests or the IPP operation name for POST requests containing an IPP request.
The ipp-status field contains either "-" for non-IPP requests or the IPP status code name for POST requests containing an IPP response.