I'm on centOS and new to using tail to view the access logs on my server, and I'm not able to understand the meaning of every information I see. For example, one of the info it shows me is:
123.456.789.10 -- [03/Dec/2021:22:30:47 +0000] "POST / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4444.129 Safari/537.36"
I understand what some of these information means such as the IP addresses, browser, dates, time, etc. But for others, I'm just guessing what they mean and what their usefulness it. Can someone help me with explaining these parts: +0000] "POST / HTTP/1.1" 200 20 "-", (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)?
The +0000 comes with the time of the request.
The POST is for the method used by the request: GET, POST, PATCH, UPDATE ... Doc about HTTP method
HTTP/1.1 correspond to the protocol. Here, HTTP, in version 1.1.
200 is for the HTTP response code. 200 is OK. 404 is not found etc... Documentation
Then, (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) is informations about the browser, and how the request is made. Sometimes, we can see names with "bot" in them. It's mostly to explain which type of device made the response. It help specially for website that wants to know if you are on mobile, or not.
In it, you have: