LogFormat is a position-independent config.txt/ezproxy.cfg directive that specifies the format that EZproxy should use when recording EZproxy user activity. These requests are logged to the file ezproxy.log or to the filename specified by LogFile. By default, EZproxy records this information using common log format which is recognized by many web server log file analysis packages.

If you would like to collect different information in your ezproxy.log file, you can edit config.txt/ezproxy.cfg specifying your exact format using LogFormat. By default, EZproxy uses this LogFormat command:

LogFormat %h %l %u %t "%r" %s %b

The following table describes the special fields that are available for the log format. When logging URL information, EZproxy records the remote database URL (e.g. http://www.somedb.com/) and not the corresponding EZproxy URL that the user sees (e.g. http://ezproxy.yourlib.org:2050/ or http://www.somedb.com.ezproxy.yourlib.org/). Not all fields are available in older versions of EZproxy, so if a specific field returns -, you may need to update to the current release if you want to that field.

Field Value
%a IP address of host accessing EZproxy.
%b Number of bytes transferred.
%{ expression}e Evaluate expression as an EZproxy Expression (requires EZproxy 5.1b or later).
%h Host accessing EZproxy (always IP address).
%{ header}i Specified header from the browser request; Referer and User-Agent are two commonly used headers. Additional EZproxy-specific headers are defined below.
%{ezproxy-dbvar #}i Replace # with a digit 0 through 9 to have the DbVar associated with this database inserted.
%{ezproxy-groups}i Plus-sign-delimited list of groups to which the user has access (e.g. General+Restricted).
%{ezproxy-protocol}i Protocol of the remote server accessed (i.e. http, https, or ftp).
%{ezproxy-session}i EZproxy identifier for the user's current session.
%{ezproxy-spuaccess}i When used with LogSPU, insert proxy if the remote user's access to the URL will be proxied, local is being redirected due to ExcludeIP, or unknown if the URL is not known to EZproxy and Option RedirectUnknown appears in config.txt/ezproxy.cfg .
%{ezproxy-url #}i Specific portion of the destination URL. # is a number that specifies which portion to insert. For example, in the URL http://www.somedb.com/abc/def, %{ezproxy-url1}i would return abc, %{ezproxy-url2}i def, %{ezproxy-url3}i returns a blank string.
%{ezproxy-usrvar #}i Replace # with a digit 0 through 9 to have the corresponding UsrVar associated with this user inserted.
%l Remote username obtained by idented (identd is not used, so this always inserts -).
%m Method of request (e.g. GET, POST).
%r Complete request (e.g. GET http://www.somedb.com HTTP/1.0).
%s HTTP numeric status of request (always 200 in EZproxy 1.0 and 1.2). A table of special EZproxy-specific status codes appears below.
%t Date/time of request; may also appear as %{format}t to specify a strftime time format.
%T Time in seconds to process the request
%u Username used to log into EZproxy if "Option LogUser" appears in config.txt/ezproxy.cfg ; session identifier if "Option LogSession" appears in config.txt/ezproxy.cfg ; - otherwise.To log both username and session, add only "Option LogUser" to config.txt/ezproxy.cfg , then use %u for the username and %{ezproxy-session}i for the session identifier.
%U URL requested (e.g. http://www.somedb.com/).
%v Virtual web server's hostname (e.g. www.somedb.com).
%% Single percent sign (%).
\n Newline character.
\t Tab character.

The browser that the user is using is called user-agent, so you can add this information to the ezproxy.log by editing config.txt/ezproxy.cfg and adding the line:

LogFormat %h %l %u %t "%r" %s %b "%{user-agent}i"

then restarting EZproxy.

EZproxy adds the special header %{ezproxy-session}i as a way to access the unique session identifier created when each user logs into EZproxy. If you want to track all sessions, including username information, you might add these lines to config.txt/ezproxy.cfg :

Option LogUser
LogFormat %h %{ezproxy-session}i %u %t "%r" %s %b

"Option LogUser" causes EZproxy to record the username in %u. Since EZproxy does not use %l, it is replaced with %{ezproxy-session}i which causes the unique session identifier to be recorded instead. This location typically contains a username, so your web server analysis software may automatically use the information in this field as a way to tie information together and report information grouped by sessions.

Privacy considerations

When considering the use of "Option LogUser", "Option LogSession" and "%{ezproxy-session}i", please give careful consideration to the balance between the data gathering possibilities versus the potential privacy issues of being able to bundle together the browsing history of your patrons.

EZproxy-specific status codes

In addition to the standard HTTP status codes, EZproxy may record the following special status codes under the specified circumstances.

Code Meaning
597 Recorded on access attempts after the IntruderReject threshold has been exceeded
598 Attempt made to access an unauthorized EZproxy administration function
599 Starting point URL referenced a host that EZproxy is not configured to proxy
900-905 and 907 Error occurred receiving the request from the remote user's browser
906 Error occurred forwarding the request from the user's browser to the remote server
950 Error occurred interpreting an administration request from the remote user
997 Shibboleth login failure due to metadata misconfiguration (recorded as 999 in early beta releases of Shibboleth support)
998 Access denied based on a DenyIfRequestHeader directive in config.txt/ezproxy.cfg
999 Access attempted from an IP address that is in a RejectIP address range