The access_log file lists each HTTP resource that is accessed by a web browser or client. Each line is in an extended version of the so-called "Common Log Format" used by many web servers and web reporting tools:
host group user date-time \"method resource version\" status
bytes ipp-operation ipp-status
10.0.1.2 - - [01/Dec/2005:21:50:28 +0000] "POST / HTTP/1.1" 200 317 CUPS-Get-Printers successful-ok-ignored-or-substituted-attributes
localhost - - [01/Dec/2005:21:50:32 +0000] "GET /admin HTTP/1.1" 200 0 - -
localhost - - [01/Dec/2005:21:50:32 +0000] "POST / HTTP/1.1" 200 157 CUPS-Get-Printers successful-ok-ignored-or-substituted-attributes
localhost - - [01/Dec/2005:21:50:32 +0000] "POST / HTTP/1.1" 200 1411 CUPS-Get-Devices -
localhost - - [01/Dec/2005:21:50:32 +0000] "GET /admin HTTP/1.1" 200 6667 - -
The host field will normally only be an IP address
unless you have enabled the
directive in the cupsd.conf file or if the IP address
corresponds to your local machine.
The group field always contains "-".
The user field is the authenticated username of the requesting user. If no username and password is supplied for the request then this field contains "-".
The date-time field is the date and time of the request in local time and is in the format:
The method field is the HTTP method used: "GET", "OPTIONS", "PUT", or "POST". "GET" requests are used to get files from the server, both for the web interface and to get configuration and log files. "OPTIONS" requests are used to upgrade connections to TLS encryption. "PUT" requests are used to upload configuration files. "POST" requests are used for web interface forms and IPP requests.
The resource field is the filename of the requested resource.
The version field is the HTTP specification version used by the client. For CUPS clients this will always be "HTTP/1.1".
The status field contains the HTTP result status of the request, as follows:
200- Successful operation.
201- File created/modified successfully.
304- The requested file has not changed.
400- Bad HTTP request; typically this means that you have a malicious program trying to access your server.
401- Unauthorized, authentication (username + password) is required.
403- Access is forbidden; typically this means that a client tried to access a file or resource they do not have permission to access.
404- The file or resource does not exist.
405- URL access method is not allowed; typically this means you have a web browser using your server as a proxy.
413- Request too large; typically this means that a client tried to print a file larger than the
426- Upgrading to TLS-encrypted connection.
500- Server error; typically this happens when the server is unable to open/create a file - consult the error_log file for details.
501- The client requested encryption but encryption support is not enabled/compiled in.
505- HTTP version number not supported; typically this means that you have a malicious program trying to access your server.
The bytes field contains the number of bytes in the request. For POST requests the bytes field contains the number of bytes of non-IPP data that is received from the client.
The ipp-operation field contains either "-" for non-IPP requests or the IPP operation name for POST requests containing an IPP request.
The ipp-status field contains either "-" for non-IPP requests or the IPP status code name for POST requests containing an IPP response.