Chapter 4 The ldapmodify Tool

http://download.oracle.com/docs/cd/E19199-01/816-6400-10/lmodify.html

Sun ONE Directory Server Resource Kit 5.2 Tools Reference


The ldapmodify tool edits the contents of a Lightweight Directory Access Protocol (LDAP) directory, either by adding new entries or modifying existing ones. This chapter provides instructions on how to use the ldapmodify tool.



Overview

The ldapmodify tool takes entry updates, defined using the LDAP Data Interchange Format (LDIF), as input and issues a corresponding LDAP request to the designated directory server. The LDIF information can be configured in a file or directly at the command-line.


Tip

By placing all entry update statements in a file, ldapmodify can be used to process large numbers of modifications as well as transferring entries between directories.


ldapmodify is also provided with Sun™ ONE Directory Server in the DirectoryServer_base/shared/bin directory. However, the DSRK and its updates should include the latest version of the tool in the DSRK_base/bin/dsrk52 directory.


Caution

If you use the Solaris™ operating environment, there may be an older version of ldapmodify in /usr/bin. Be sure your path is set to use the latest version in DSRK_base/bin/dsrk52.




Command Usage

The ldapmodify tool processes entry update statements, or change records, defined by LDIF. A change record contains the DN (distinguished name) of the target entry, the operation to perform, and any data needed to complete the operation. Code Example 4-1 is a change record that changes Barbara Jensen's surname (sn) attribute to Morris. In addition, it replaces all values of the multi-valued cn attribute. (With the replace syntax, all current values of the specified attribute are removed and all given values are added; a replace that lists no values removes the attribute entirely.)

Code Example 4-1  Entry Update Statement or Change Record

ldapmodify -h host -p port -D "cn=Directory Manager" -w password
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: modify
replace: sn
sn: Morris
-
replace: cn
cn: Barbara Morris
cn: Babs Morris

ldapmodify reads any number of these change records from the command-line or from a file, modifying the corresponding entries according to the LDIF instructions. For each DN in the LDIF file, the tool will perform the requested LDAP operation (defined by changetype) on the designated entry. ldapmodify supports the following operations:

  • add an entry

  • delete an entry

  • edit an entry (including the DN or relative DN)
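As an added example (not code from the DSRK documentation), the following Python module emits change records of the kind shown in Code Example 4-1 while applying the RFC 2849 encoding rules that ldapmodify enforces: a value that is not a safe string (leading space, colon or '<', trailing space, non-ASCII or NUL/CR/LF bytes) is written base64-encoded after a double colon, multiple modifications of one entry are separated by a line containing a single '-', and records are separated by a blank line. The function names and the second sample record are the example's own.

```python
"""Emit RFC 2849 LDIF change records for ldapmodify.

Added example, not part of the Sun ONE DSRK documentation. Values that are
not SAFE-STRINGs are base64-encoded with the '::' separator, modifications
on one entry are separated by a '-' line, and records by a blank line.
"""
import base64
from typing import Iterable, Sequence, Tuple, Union

Value = Union[str, bytes]
# One modification: (operation, attribute, values); operation is add, replace or delete.
Mod = Tuple[str, str, Sequence[Value]]


def _needs_base64(value: bytes) -> bool:
    """True when value is not a SAFE-STRING (RFC 2849 section 2): it starts with
    a space, ':' or '<', ends with a space, or contains NUL, LF, CR or a byte
    above 0x7F."""
    if not value:
        return False
    if value[0] in b" :<" or value.endswith(b" "):
        return True
    return any(b in (0x00, 0x0A, 0x0D) or b > 0x7F for b in value)


def attr_line(attr: str, value: Value) -> str:
    """Format one 'attr: value' line, switching to 'attr:: base64' when needed."""
    raw = value.encode("utf-8") if isinstance(value, str) else value
    if _needs_base64(raw):
        return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{attr}: {raw.decode('ascii')}"


def add_record(dn: str, attrs: Sequence[Tuple[str, Value]]) -> str:
    lines = [attr_line("dn", dn), "changetype: add"]
    lines.extend(attr_line(a, v) for a, v in attrs)
    return "\n".join(lines) + "\n"


def modify_record(dn: str, mods: Iterable[Mod]) -> str:
    lines = [attr_line("dn", dn), "changetype: modify"]
    for i, (op, attr, values) in enumerate(mods):
        if op not in ("add", "replace", "delete"):
            raise ValueError(f"unknown modify operation {op!r}")
        if i:
            lines.append("-")  # separator between modifications of the same entry
        lines.append(f"{op}: {attr}")
        # 'replace' with no values removes the attribute; 'delete' with no
        # values removes every value of it.
        lines.extend(attr_line(attr, v) for v in values)
    return "\n".join(lines) + "\n"


def delete_record(dn: str) -> str:
    return attr_line("dn", dn) + "\nchangetype: delete\n"


def ldif_document(records: Iterable[str]) -> str:
    """Join records with one blank line between them, ready for 'ldapmodify -f'."""
    return "\n".join(records)


if __name__ == "__main__":
    # Reproduces Code Example 4-1, followed by a value that needs base64.
    print(ldif_document([
        modify_record("uid=bjensen,ou=People,dc=example,dc=com", [
            ("replace", "sn", ["Morris"]),
            ("replace", "cn", ["Barbara Morris", "Babs Morris"]),
        ]),
        modify_record("uid=bjensen,ou=People,dc=example,dc=com",
                      [("add", "description", [" starts with a space"])]),
    ]))
```

Feed the output to ldapmodify -f or on standard input; because the encoding decision is made per value, the same functions can be used to generate records from data of unknown provenance (for example user-supplied display names) without producing LDIF that the server parses differently from what was intended.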


Syntax

The syntax of the ldapmodify tool on the command-line can take any of these forms:

ldapmodify [ options ]

ldapmodify [ options ] < LDIFfile

ldapmodify [ options ] -f LDIFfile

Where:

  • options are the command-line options and their parameters described in Options.

  • LDIFfile is an RFC 2849-compliant LDIF text file containing new entries or updates to existing entries.

In its first form (without LDIFfile), ldapmodify takes one or more LDIF update statements configured at the command-line, and ends the input with an end-of-file (EOF) marker. Once you enter all update statements and the EOF marker, ldapmodify will process the input and perform all operations.


Note

The EOF marker is platform dependent:

  • Type Control-D (^d) on most UNIX systems.

  • Type Control-Z (^z) and press Enter on Windows NT.

The next two syntaxes take an LDIF file as input. The second syntax uses < (the less than symbol) to take the input from the specified file instead of the keyboard. The final syntax does the same by using the -f option. Some samples of syntax and update statements are given in Command-Line Examples.


Modification Prerequisites

When modifying the contents of a directory, you must satisfy several prerequisite conditions. First, the bind DN and password used for authentication must have the appropriate permissions for the operations being performed. (Many high level directory operations, such as creating a database suffix, may only be performed by the Directory Manager with a bind DN of "cn=directory manager".) Second, if schema checking is active in your directory, Directory Server will check the contents of new and modified entries against the object class definition in the LDAP schema. All attributes of an entry, even those not being modified, are checked against the schema and must meet the following conditions:

  • The value and value type of all attributes being added or modified must conform to their definition in the entry’s object class. When this is not the case, the modification of this entry will fail.

Finally, you must ensure the coherent placement of entries in the LDIF input. Updates are performed in the order they are given in the input, allowing you to manage dependencies between operations. For example, if you want to add entries to a subtree that doesn’t exist, your LDIF input must first give the update statement for adding the subtree entry, before the update statements for adding entries under the subtree.


Caution

When a modification fails, only the operation on the faulty entry is rejected: ldapmodify sends each change record as a separate LDAP operation, so there is no rollback, and all entries processed before the error remain added or modified. By default the tool stops processing further input at the first error; use the -c option to specify that it should continue. In either case, correct the failed records and reapply only those, not the whole file, or the earlier adds will be refused with LDAP_ALREADY_EXISTS.



Options

The ldapmodify tool has three types of options: common options, input and output options, and SSL options.

The following sections detail these options. Running ldapmodify -H on the command-line displays text that briefly describes all of the command-line options.


Common Options

The common options listed in Table 4-1 control the binding and general behavior of the ldapmodify command.

Table 4-1  Common Options for ldapmodify

-h hostname
    Specify the hostname of the directory server. When this option is omitted, the default is localhost.

-p port
    Specify the port number for accessing the directory server host. The default is 389 normally and 636 when the SSL options are used.

-D bindDN
    Specify a bind DN for accessing your directory, usually in double quotes ("") for the shell. If the bind DN and its password are omitted, the tool will use anonymous binding. The bind DN determines what entries and attributes may be modified, according to the DN's access permissions.

-w password
    Specify the password for the bind DN. CAUTION: a password given on the command-line is a security risk: it is visible to every user on the host in the process list (for example with ps) and is recorded in the shell history. Prefer -w - or -j.

-w -
    Type the password for the bind DN when prompted. This is the most secure way of specifying the password.

-j filename
    Specify a file containing the password for the bind DN. Use this option in scripts and place the password in a secure file, readable only by the account that runs the script, to protect it. This option is mutually exclusive with the -w option.

-f LDIFfile
    Give the name of a file containing LDIF update statements or new entries. (See Syntax.) The tool will perform each of the update operations (add, modify, or delete) in the order given in the file. When this option is omitted, ldapmodify will read LDIF update statements from the standard input (command-line).

-B baseDN
    Specify the base DN when performing additions, usually in double quotes ("") for the shell. All entries will be placed under this suffix, thus providing bulk import functionality.

-V version
    Specify the LDAP protocol version number to be used for the modify operation, either 2 or 3. LDAP v3 is the default; only specify LDAP v2 when connecting to servers that do not support v3.

-Y proxyDN
    Specify the proxy DN to use for the modify operation, usually in double quotes ("") for the shell. For more information about proxy authorization, see Chapter 6, "Managing Access Control," in the Sun ONE Directory Server Administration Guide.

-M
    Manage smart referrals: when they are the target of the update, modify the actual entry containing the referral instead of the entry obtained by following the referral. For more information, see "Creating Smart Referrals" in Chapter 2 of the Sun ONE Directory Server Administration Guide.

-O hopLimit
    (Capital letter O) Specify the maximum number of referral hops to follow while finding an entry to modify. By default, there is no limit.

-R
    Specify that referrals should not be followed. By default, referrals are followed automatically.

-q
    Quiet output mode: the tool will not display any output about the operations it performs.

-v
    Verbose output mode: the tool will display additional information about the operations it performs.

-n
    No-op mode: use with the -v option to show what the tool would do with the given input but do not perform any operations.

-0 (zero)
    Allow runtime library version mismatches. When this option is omitted, the default behavior is to assert that the revision number of the LDAP API is greater than or equal to that used to compile the tool. Also, if the API library and the tool have the same vendor name, the tool will also assert that the vendor version number of the API is greater than or equal to that used to compile the tool. This information is based on the contents of the LDAPAPIInfo structure. (See the Sun ONE LDAP SDK for C Programming Guide.)

-H
    Display the usage help text that briefly describes all options.


Input And Output Options

The input and output options listed in Table 4-2 control how ldapmodify processes input files and handles errors.

Table 4-2  Input and Output Options for ldapmodify

-a
    The add entry mode provides an easy way to add entries in LDIF. All input entries that do not contain an LDIF changetype statement and keyword are processed as adds; entries with a defined changetype statement are processed accordingly. In particular, this option allows you to directly add entries from the output files of the ldapsearch tool.

-F
    Force the application of all updates, regardless of the replica status.

-i locale
    Specify the character set to use for the -f LDIFfile or standard input. The default is the character set specified in the LANG environment variable. You might want to use this option to perform the conversion from the specified character set to UTF8, thus overriding the LANG setting.

-k path
    Specify the path to a directory containing conversion routines. These routines are used to specify a locale that is not supported by default by your directory server. For more information, see Appendix C, "Directory Internationalization" in the Sun ONE Directory Server Reference Manual.

-b
    Handle binary files: the ldapmodify tool will scan every attribute value in the input to determine whether it is a valid file reference, and if so, it will use the contents of the file as the attribute's value. This option is used to input binary data for an attribute, such as a JPEG image. For example, the corresponding LDIF input would be:

      • jpegPhoto: /tmp/photo.jpg (on a UNIX platform)

      • jpegPhoto: c:\tmp\photo.jpg (on Windows)

    The ldapmodify tool also supports the LDIF :< URL notation for directly including file contents. For example:

      • jpegPhoto:< file:///tmp/photo.jpg (on all platforms)

    If all of your input entries use this notation, you do not need to specify the -b option. This option also allows you to process entries from the output files of the ldapsearch tool when it uses the -t option. Because -b treats any value that happens to name a readable file as a file reference, do not use it on LDIF produced by an untrusted party: such input could cause the contents of local files to be read and written into the directory.

-A
    Non-ASCII mode: display non-ASCII values, in conjunction with the -v option.

-c
    Continuous mode: errors are reported but the ldapmodify tool will continue processing input and performing operations. When this option is omitted, the default is to quit after reporting an error.

-e errorFile
    Invalid update statements in the input will be copied to the errorFile for debugging. Use with the -c option to correct errors when processing large LDIF input.


SSL (Secure Socket Layer) Options

The options in Table 4-3 allow you to use LDAPS (LDAP over SSL) to establish a secure connection for the update operation. These options are valid only when LDAPS has been enabled and configured in your SSL-enabled directory server. For information on certificate-based authentication and creating a certificate database for use with LDAP clients, see Chapter 11, “Implementing Security,” in the Sun ONE Directory Server Administration Guide. See Using Authentication for examples using the SSL options.


Note

Only the -P option is required for server authentication. For the more secure client authentication, the -Z, -P, -N, -K and -W options are required (-Z selects certificate-based client authentication; see Table 4-3).


Table 4-3  SSL Options for ldapmodify

-P path
    Specify the path and filename of the client's certificate database. This file may be the same as the certificate database for an SSL-enabled version of Netscape™ Communicator, if available; for example: -P /home/uid/.netscape/cert7.db. When using the command on the same host as the directory server, you may use the server's own certificate database, for example: -P installDir/slapd-serverID/alias/cert7.db.
    Use the -P option alone to specify server authentication only.

-Z
    Specify that SSL be used to provide certificate-based client authentication. This option requires the -N and -W options and any other of the SSL options needed to identify the certificate and the key database.

-N certificate
    Specify the certificate name to use for certificate-based client authentication, for example: -N "Directory-Cert".

-m path
    Specify the path to the security module database. For example, /usr/iplanet/servers/slapd-serverID/secmodule.db. You need to specify this option only if the security module database is in a different directory from the certificate database itself.

-K keyFile
    Specify the file and path name of the client's private key database. This option may be omitted if the key database is in the location already given by the -P option.

-W password
    Specify the password for the client's key database given in the -K or -P options. This option is required for certificate-based client authentication. Like -w, a password given here is visible in the process list and shell history.



Return Values

The ldapmodify tool is based on the Sun ONE LDAP SDK for C and its return values are those of the functions it uses, such as ldap_simple_bind_s(), ldap_add_ext_s(), ldap_modify_ext_s(), and ldap_delete_ext_s(). These functions return both client-side and server-side errors and codes. Table 4-4 shows the possible return values when the directory is hosted on a Sun ONE Directory Server. Other LDAP servers may send these values under different circumstances or may send different values. They may also send other result codes entirely; for example, custom result codes from a custom plug-in. For further information about result codes, see the Sun ONE LDAP SDK for C Programming Guide.

Table 4-4  Return Values of ldapmodify

Return Value   Result Code and Explanation

 0 (0x00)  LDAP_SUCCESS: the operation was successful.

 1 (0x01)  LDAP_OPERATIONS_ERROR: sent by Directory Server for general errors encountered by the server when processing the request.

 2 (0x02)  LDAP_PROTOCOL_ERROR: the modify request did not comply with the LDAP protocol. Directory Server may set this error code in the results for a variety of reasons, such as encountering an error when decoding the BER-encoded request.

10 (0x0a)  LDAP_REFERRAL: sent by Directory Server if the specified DN is an entry not handled by the current server and if the referral URL identifies a different server to handle the entry.

16 (0x10)  LDAP_NO_SUCH_ATTRIBUTE: sent by Directory Server if the attribute that you want to modify (add, replace, or delete) does not exist.

19 (0x13)  LDAP_CONSTRAINT_VIOLATION: sent by Directory Server when improperly modifying the userpassword attribute, for example if the new value is shorter than the allowed minimum length.

20 (0x14)  LDAP_TYPE_OR_VALUE_EXISTS: sent by Directory Server when attempting to add an attribute to an entry in which the attribute already exists with the given value.

21 (0x15)  LDAP_INVALID_SYNTAX: sent by Directory Server if your client is modifying the schema entry and no object class or attribute type is specified.

32 (0x20)  LDAP_NO_SUCH_OBJECT: sent by Directory Server if the entry that you want to modify or delete does not exist.

50 (0x32)  LDAP_INSUFFICIENT_ACCESS: sent by Directory Server if the DN used for authentication does not have permission to write to the entry.

53 (0x35)  LDAP_UNWILLING_TO_PERFORM: sent by Directory Server when:
             • The directory is read-only.
             • Attempting to add attributes to the special directory configuration entry.
             • Attempting to modify attributes in the special schema entry.

65 (0x41)  LDAP_OBJECT_CLASS_VIOLATION: sent by Directory Server if the modified entry does not comply with the directory schema (for example, if one or more required attributes are not specified).

67 (0x43)  LDAP_NOT_ALLOWED_ON_RDN: sent by Directory Server if the modified entry no longer contains attributes for each DN component.

68 (0x44)  LDAP_ALREADY_EXISTS: sent by Directory Server if the DN of the entry that you want to add is already present in the directory.

81 (0x51)  LDAP_SERVER_DOWN: the LDAP server did not receive the request or the connection to the server was lost.

82 (0x52)  LDAP_LOCAL_ERROR: an error occurred when receiving the results from the server.

83 (0x53)  LDAP_ENCODING_ERROR: BER-encoding the request is not possible.

84 (0x54)  LDAP_DECODING_ERROR: an error occurred when decoding the BER-encoded results from the server.

89 (0x59)  LDAP_PARAM_ERROR: one of the options or parameters is invalid.

90 (0x5a)  LDAP_NO_MEMORY: memory cannot be allocated as needed.

91 (0x5b)  LDAP_CONNECT_ERROR: the specified hostname or port is invalid.

92 (0x5c)  LDAP_NOT_SUPPORTED: the -V 2 option is needed to access a server that only supports LDAP v2.



Command-Line Examples

The examples in this section demonstrate common uses of the ldapmodify tool to update the contents of a directory. All examples assume the following:

  • The given bind DN has the permission to perform all operations on the selected entries.

  • The directory server is located on a machine with the given hostname.

  • The server uses the default port number 389 so you do not have to specify the port number on the update request.

  • SSL is enabled for the server on the default SSL port number 636.


Adding an Entry

This example uses the -a option for bulk addition, so the changetype: add statement and keyword are not needed in the input. Instead, it contains standard LDIF entries to be added. Code Example 4-2 is the input file called newEntry.ldif which defines only one entry to add.

Code Example 4-2  newEntry.ldif Input File

dn: cn=Pete Minsky,ou=People,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Pete Minsky
givenName: Pete
sn: Minsky
ou: People
ou: Marketing
uid: peterm

To perform this addition, launch the ldapmodify tool with the -a option and specify the input file with the -f option:

$ ldapmodify -h hostname -a -f newEntry.ldif \
              -D "uid=bjensen,dc=example,dc=com" -w bindPassword


Modifying an Entry

The update statement for a modification includes change records that specify the attributes to change and their new values. (See “Managing Entries From the Command Line” in Chapter 2 of the Sun ONE Directory Server Administration Guide for a description of this syntax.) Code Example 4-3 is the modifyEntry.ldif file which includes statements for adding a new attribute and modifying an existing one. The line with a single dash (-) is a separator for multiple modifications in the same entry.

Code Example 4-3  modifyEntry.ldif Input File

dn: cn=Pete Minsky,ou=People,dc=example,dc=com
changetype: modify
add: telephonenumber
telephonenumber: (408) 555-2468
-
replace: uid
uid: pminsky

To perform the operation, launch the ldapmodify tool and specify the filename on the command-line.

$ ldapmodify -h hostname -f modifyEntry.ldif \
              -D "uid=bjensen,dc=example,dc=com" -w bindPassword


Deleting an Entry

The update statement for a deletion requires only the DN and the changetype. This example shows how to enter this information as standard input on the command-line: the change record is typed on its own lines after the command, and the input is ended with the EOF marker (see Syntax):

$ ldapmodify -h hostname -D "uid=bjensen,dc=example,dc=com" -w bindPassword
dn: cn=Pete Minsky,ou=People,dc=example,dc=com
changetype: delete
^D


Using Authentication

There are two levels of authentication that may be used over SSL between the directory server and clients such as the ldapmodify tool: server authentication and client authentication. In server authentication, the server presents its certificate and the client verifies it against the trusted certificates in the client's certificate database (the -P option); the client then identifies itself with a bind DN and password, or binds anonymously. In the stronger client authentication, the client additionally presents its own certificate and proves possession of the matching private key, which is held in a password-protected key database (the -N, -K and -W options); the server maps that certificate to a directory identity, so no bind DN or password is sent.


Note

In both cases, use the -p option to specify the directory server’s SSL port. All other non-SSL options retain their original meaning and may be used as necessary.



Using Server Authentication

To run the ldapmodify tool with server authentication, use only the -P SSL option [as discussed in SSL (Secure Socket Layer) Options] on the command-line, in addition to other common options.

$ ldapmodify -h hostname -p 636 -f LDIFfile \
             -D "uid=bjensen,dc=example,dc=com" -w bindPassword \
             -P /home/bjensen/certs/cert.db


Using Client Authentication

To perform an update with client authentication, you must give all SSL options [as discussed in SSL (Secure Socket Layer) Options] on the command-line, in addition to other common options.

$ ldapmodify -h hostname -p 636 -f LDIFfile \
             -Z -P /home/bjensen/security/cert.db -N "bjscert" \
              -K /home/bjensen/security/key.db -W KeyPassword


Caution

Do not use the -D and -w common options with client authentication, as the bind operation will use the authentication credentials specified with -D and -w instead of the certificate credentials desired.





Copyright 2004 Sun Microsystems, Inc. All rights reserved.



Posted in Uncategorized | Leave a comment

quagga-0.99.18 compile error (`ipv6_bgp_network' undeclared here)

http://www.gossamer-threads.com/lists/quagga/users/21943?do=post_view_threaded#21943

Hi Paul!

Your patch is almost perfect! Thanks!

Here is the complete "fix" for building quagga-0.99.18

===================================================================
--- quagga-0.99.18/bgpd/bgp_route.c 2011-03-21 15:32:49.000000000 +0100
+++ quagga-0.99.18-ok/bgpd/bgp_route.c 2011-03-23 10:29:03.000000000 +0100
@@ -4327,6 +4327,7 @@
"Specify a BGP backdoor route\n"
"AS-Path hopcount limit attribute\n"
"AS-Pathlimit TTL, in number of AS-Path hops\n")
+#ifdef HAVE_IPV6
ALIAS_DEPRECATED (ipv6_bgp_network,
ipv6_bgp_network_ttl_cmd,
"network X:X::X:X/M pathlimit <0-255>",
@@ -4342,6 +4343,7 @@
"IPv6 prefix <network>/<length>\n"
"AS-Path hopcount limit attribute\n"
"AS-Pathlimit TTL, in number of AS-Path hops\n")
+#endif /* HAVE_IPV6 */
^L
/* Aggreagete address:

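Review bot: the `#endif /* HAVE_IPV6 */` lands after the second alias and before the form feed and the "Aggreagete address" comment, so the guard covers both deprecated IPv6 aliases and matches the guard put around `install_element` in the last hunk. Note that the `^L` context line is a literal form-feed character in the source that the mail rendering has made visible; apply the patch from the original attachment rather than from this text, or that context line will not match.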
@@ -12133,9 +12135,11 @@
install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd);
install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
install_element (BGP_IPV4M_NODE,
&no_bgp_network_mask_natural_backdoor_ttl_cmd);
-
+
+#ifdef HAVE_IPV6
install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd);
install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd);
+#endif /* HAVE_IPV6 */
}

void
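Review bot: the `-`/`+` pair on the empty line before `#ifdef HAVE_IPV6` is a whitespace-only change (one blank line replaced by another, presumably trailing whitespace removed); drop it so the hunk carries only the guard. Otherwise, guarding the two `install_element (BGP_IPV6_NODE, ...)` calls mirrors the guard on the alias definitions, which is what an IPv4-only build needs; also check that `BGP_IPV6_NODE` and `no_ipv6_bgp_network_ttl_cmd` are declared under the same condition, or the build still fails in the same way.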
===================================================================

Thanks again!

---
Sim
_______________________________________________
Quagga-users mailing list
Quagga-users [at] lists
http://lists.quagga.net/mailman/listinfo/quagga-users


bind log

queries

Specify where queries should be logged to.

At startup, specifying the category queries will also enable query logging unless the querylog option has been specified.

The query log entry reports the client's IP address and port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, - if not set), whether EDNS was in use (E), and whether the query was signed (S).

client 127.0.0.1#62536: query: www.example.com IN AAAA +SE
client ::1#62537: query: www.example.net IN AAAA -SE
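As an added example (not from the BIND documentation), the following Python script parses query log lines of the form shown above into their fields and then uses them for the check a resolver operator most often wants from this log: which clients outside the networks the server is meant to serve are sending recursion-desired queries, the traffic an open resolver answers. The sample lines are constructed; the assumption that a line may carry a leading timestamp and "queries: info:" prefix (as named's default channel writes) is the example's own.

```python
"""Parse BIND 9 'queries' category log lines and flag recursive queries from
clients outside the networks a resolver is meant to serve.

Added example, not from the BIND documentation. A line carries the client
address and port, the query name, class and type, and a flag string whose
first character is '+' (Recursion Desired set) or '-', followed by 'E' for
EDNS and 'S' for a signed query. A leading timestamp and 'queries: info:'
prefix, as written by named's default log channel, is tolerated (assumption);
later BIND versions append further flag letters, which are kept in raw_flags.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional, Tuple

_QUERY_RE = re.compile(
    r"client (?P<addr>[0-9A-Fa-f.:]+)#(?P<port>\d+): query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-][A-Z]*)"
)


def parse_query_line(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one query log line, or None if it is not one."""
    m = _QUERY_RE.search(line)          # search, not match: skip any prefix
    if not m:
        return None
    flags = m.group("flags")
    return {
        "client": m.group("addr"),
        "port": int(m.group("port")),
        "qname": m.group("qname").rstrip(".").lower(),
        "qclass": m.group("qclass"),
        "qtype": m.group("qtype"),
        "recursion_desired": flags[0] == "+",
        "edns": "E" in flags,
        "signed": "S" in flags,
        "raw_flags": flags,
    }


def recursive_queries_outside(lines: Iterable[str], allowed: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(client, qname, qtype) for every Recursion Desired query whose client is
    not inside one of the allowed networks: the traffic an open resolver would
    answer for anyone on the Internet."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        rec = parse_query_line(line)
        if rec is None or not rec["recursion_desired"]:
            continue
        addr = ipaddress.ip_address(str(rec["client"]))
        if not any(addr in net for net in nets):   # mixed IPv4/IPv6 compares False
            hits.append((str(rec["client"]), str(rec["qname"]), str(rec["qtype"])))
    return hits


# Constructed sample lines, in the format the text above describes.
SAMPLE_LOG = [
    "client 127.0.0.1#62536: query: www.example.com IN AAAA +SE",
    "client ::1#62537: query: www.example.net IN AAAA -SE",
    "17-Apr-2011 10:32:01.123 queries: info: client 203.0.113.9#4455: query: isc.org IN ANY +E",
    "client 192.0.2.77#5353: query: www.example.org. IN A +",
]

if __name__ == "__main__":
    for rec in map(parse_query_line, SAMPLE_LOG):
        print(rec)
    print(recursive_queries_outside(SAMPLE_LOG, ["127.0.0.0/8", "::1/128", "192.0.2.0/24"]))
```

Pipe the query log through the script with the resolver's allow-recursion networks as the allowed list; any hit is either a misconfigured ACL or a client that should be blocked upstream.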


Windows 2003: add a loopback address, set the broadcast address to the virtual address itself, and use a subnet mask of four 255s

Setting up a virtual address on a Windows server. Under Windows, setting the subnet mask to 255.255.255.255 is more awkward than on Linux. Trying to enter a four-255 mask in the TCP/IP properties of the Local Area Connection in My Network Places will not succeed; the only way is to edit the registry. By default Windows has no loopback interface, so this "device" has to be installed before it can be configured. The steps for setting up the loopback interface are:

In Control Panel, click Add New Hardware.

Choose "Network adapters", click "Next", then choose "Microsoft" and "Microsoft Loopback Adapter".

Click Next to finish installing the loopback adapter, then set the loopback's TCP/IP parameters.

First set the IP address, with the subnet mask 255.255.255.0.

The point of setting the IP address first is to make the loopback's subnet-mask setting easy to find in the registry: search for the virtual IP address you configured and the location turns up quickly.

Under that key there is a value "SubnetMask" set to 255.255.255.0.

Change it to 255.255.255.255. Unfortunately the Windows 2003 Server registry editor edits this value in binary mode, which takes some skill. Edit the value in the Windows XP registry editor first, switch to the binary view, and then make the Windows 2003 Server value match it.

Alternatively, the DhcpServer value can be used as a reference for the change.

Once edited, restart the network adapter or reboot the machine.

Reference:

http://hi.baidu.com/ruiban/blog/item/f6d6851cf98b4d8787d6b6fe.html


Cisco SFP-10G-LR & Cisco SFP-10G-ER

Cisco SFP-10G-LR

The Cisco 10GBASE-LR Module supports a link length of 10 kilometers on standard single-mode fiber (SMF, G.652).

Cisco SFP-10G-ER

The Cisco 10GBASE-ER Module supports a link length of up to 40 kilometers on standard single-mode fiber (SMF, G.652).

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing your own blog.


This system is not registered with RHN.

Using the CentOS yum on RHEL5 (fixing "This system is not registered with RHN.")

2010-12-31 16:08

Today, while installing a package with yum on one of the company's cacti servers, the error above appeared. The cause is that the Linux system is not registered with Red Hat Network, so the packages cannot be downloaded; the alternative is to use CentOS. The procedure for using CentOS follows.


1. Remove the yum packages installed by default on RHEL
List the yum packages
rpm -qa|grep yum
Remove them
rpm -qa|grep yum|xargs rpm -e --nodeps
2. Download the new yum packages
wget  http://centos.ustc.edu.cn/centos/5/os/i386/CentOS/yum-3.2.22-26.el5.centos.noarch.rpm


wget  http://centos.ustc.edu.cn/centos/5/os/i386/CentOS/yum-fastestmirror-1.1.16-14.el5.centos.1.noarch.rpm


wget http://centos.ustc.edu.cn/centos/5/os/i386/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.i386.rpm


and install them
rpm -ivh yum-*
Note: yum and yum-fastestmirror depend on each other, so install them together.
3. Download the yum repository configuration
wget http://docs.linuxtone.org/soft/lemp/CentOS-Base.repo and save it under /etc/yum.repos.d/


4. Run yum makecache to build the cache
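As an added example (not part of the post above), the following Python script audits a downloaded .repo file before it is dropped into /etc/yum.repos.d/. The post fetches the repo configuration over plain HTTP and never mentions gpgcheck; a mirror reached that way can serve any package unless every enabled section has gpgcheck=1 and a gpgkey, so that rpm verifies each package against a key already on the machine. The two sample repo files are constructed, and the key path used by harden_repo is the conventional CentOS 5 location and an assumption.

```python
"""Audit a yum .repo file for package signature checking before enabling it.

Added example, not part of the post above. The post fetches a repo file over
plain HTTP and never mentions gpgcheck; a mirror reached that way can serve
any package unless every enabled section has gpgcheck=1 and a gpgkey, so that
rpm verifies each package against a key you already hold. The two sample repo
files are constructed; the key path is the conventional one for CentOS 5 and
is an assumption.
"""
import configparser
import io
from typing import Dict, List

CENTOS5_KEY = "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5"   # assumption

# Weak: packages are taken on faith from whatever the mirror serves.
WEAK_REPO = """\
[base]
name=CentOS-5 - Base
baseurl=http://centos.ustc.edu.cn/centos/5/os/$basearch/
gpgcheck=0

[updates]
name=CentOS-5 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates
gpgcheck=1
"""

# Corrected: every enabled section verifies signatures against a local key.
FIXED_REPO = """\
[base]
name=CentOS-5 - Base
baseurl=http://centos.ustc.edu.cn/centos/5/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
"""


def _load(text: str) -> configparser.ConfigParser:
    # interpolation=None so yum's $basearch / $releasever are left alone
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def audit_repo(text: str) -> Dict[str, List[str]]:
    """Map each enabled section that has a problem to the list of problems found."""
    parser = _load(text)
    findings: Dict[str, List[str]] = {}
    for section in parser.sections():
        if parser.get(section, "enabled", fallback="1").strip() != "1":
            continue                                 # disabled repos cannot hurt yet
        problems: List[str] = []
        gpgcheck = parser.get(section, "gpgcheck", fallback="0").strip()
        if gpgcheck != "1":
            problems.append("gpgcheck is not 1: packages are installed unverified")
        if not parser.get(section, "gpgkey", fallback="").strip():
            problems.append("no gpgkey: signatures cannot be checked against a known key")
        urls = (parser.get(section, "baseurl", fallback="") + " "
                + parser.get(section, "mirrorlist", fallback=""))
        if gpgcheck != "1" and "http://" in urls:
            problems.append("unsigned packages over plain http: a mirror or on-path host can substitute them")
        if problems:
            findings[section] = problems
    return findings


def harden_repo(text: str, gpgkey: str = CENTOS5_KEY) -> str:
    """Return the repo text with gpgcheck=1 and a gpgkey set in every section."""
    parser = _load(text)
    for section in parser.sections():
        parser.set(section, "gpgcheck", "1")
        if not parser.get(section, "gpgkey", fallback="").strip():
            parser.set(section, "gpgkey", gpgkey)
    out = io.StringIO()
    parser.write(out)
    return out.getvalue()


if __name__ == "__main__":
    print("weak:", audit_repo(WEAK_REPO))
    print("fixed:", audit_repo(FIXED_REPO))
    print(harden_repo(WEAK_REPO))
```

The key file named by gpgkey must itself come from a trusted source (the install media or a known fingerprint), otherwise signature checking only proves the packages came from whoever supplied the key.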


Getting detailed information about a process

Including the process's environ, status, CMD and START_TIME.



Attachment


http://bbs.chinaunix.net/thread-1813014-2-1.html
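As an added example (the attachment the post refers to is not on this page, so this is not that code), the following Python script reads the four items named above for a Linux process straight from /proc: the initial environment, the status table, the command line, and the start time, which is derived from field 22 of /proc/<pid>/stat (clock ticks since boot) and the btime line of /proc/stat. It inspects its own process when run, so it works offline.

```python
"""Read a process's environment, status, command line and start time from
/proc on Linux.

Added example; the attachment the post refers to is not on this page, so this
is not that code. Start time is taken from field 22 of /proc/<pid>/stat
(clock ticks after boot) plus the boot time (btime) in /proc/stat.
"""
import os
import time
from typing import Any, Dict, List

CLK_TCK = os.sysconf("SC_CLK_TCK")


def read_environ(pid: int) -> Dict[str, str]:
    """The process's initial environment: NUL-separated KEY=VALUE pairs."""
    with open(f"/proc/{pid}/environ", "rb") as f:
        raw = f.read()
    env: Dict[str, str] = {}
    for item in raw.split(b"\0"):
        if b"=" in item:
            key, _, value = item.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def read_status(pid: int) -> Dict[str, str]:
    """'Key:\\tvalue' lines of /proc/<pid>/status (Name, State, Pid, Uid, VmRSS, ...)."""
    status: Dict[str, str] = {}
    with open(f"/proc/{pid}/status", encoding="utf-8", errors="replace") as f:
        for line in f:
            key, sep, value = line.partition(":")
            if sep:
                status[key.strip()] = value.strip()
    return status


def read_cmdline(pid: int) -> List[str]:
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        parts = f.read().split(b"\0")
    return [p.decode(errors="replace") for p in parts if p]


def boot_time() -> int:
    with open("/proc/stat") as f:
        for line in f:
            if line.startswith("btime "):
                return int(line.split()[1])
    raise RuntimeError("btime not found in /proc/stat")


def start_epoch(pid: int) -> float:
    """Unix time at which the process started."""
    with open(f"/proc/{pid}/stat") as f:
        stat = f.read()
    # comm (field 2) is in parentheses and may itself contain spaces or ')',
    # so split only what follows the last ')'; rest[0] is then field 3.
    rest = stat[stat.rfind(")") + 2:].split()
    starttime_ticks = int(rest[22 - 3])
    return boot_time() + starttime_ticks / CLK_TCK


def proc_info(pid: int) -> Dict[str, Any]:
    started = start_epoch(pid)
    return {
        "pid": pid,
        "cmdline": read_cmdline(pid),
        "status": read_status(pid),
        "environ": read_environ(pid),
        "start_epoch": started,
        "start_time": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(started)),
        "age_seconds": time.time() - started,
    }


def self_info() -> Dict[str, Any]:
    """Convenience wrapper: information about the calling process."""
    return proc_info(os.getpid())


if __name__ == "__main__":
    info = self_info()
    for key in ("pid", "cmdline", "start_time", "age_seconds"):
        print(f"{key}: {info[key]}")
    print("State:", info["status"]["State"])
    print("environ entries:", len(info["environ"]))
```

Reading another user's process requires the same privileges ps needs: /proc/<pid>/environ is readable only by the owner or root, and on systems with hidepid set on /proc other users' entries are not visible at all. The environment shown is the one the process started with; changes it made later are not reflected.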


Apache log format: LogFormat parameter reference

The Apache configuration file httpd.conf usually contains a log-record format setting such as LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common. What does each parameter in this format mean, and how should the format be set so that the site's access is recorded completely? A brief explanation of the parameters follows.


The request itself is logged by placing "%" escape sequences in the format string; when a record is written to the log file they are expanded as defined in the following table:


%a Remote IP address
%A Local IP address
%B Bytes sent, excluding HTTP headers
%b Bytes sent, excluding HTTP headers, in CLF format: a '-' rather than 0 when no bytes are sent
%{Foobar}C The contents of cookie Foobar in the request sent to the server
%D The time taken to serve the request, in microseconds
%{FOOBAR}e The contents of the environment variable FOOBAR
%f Filename
%h Remote host
%H The request protocol
%{Foobar}i The contents of the Foobar: header line(s) in the request sent to the server
%l Remote logname (from identd, if supplied); returns a "-" unless IdentityCheck is set On
%m The request method
%{Foobar}n The contents of note Foobar from another module
%{Foobar}o The contents of the Foobar: header line(s) in the reply
%p The canonical port of the server serving the request
%P The process ID of the child that serviced the request
%{format}P The process ID or thread ID of the child that serviced the request; valid formats are pid and tid (2.0.46 and later) and hextid (requires APR 1.2.0 or later)
%q The query string (prefixed with a "?" if a query string exists, otherwise an empty string)
%r First line of the request
%s Status. For requests that were internally redirected, this is the status of the original request; %>s is the status of the last request.
%t Time the request was received, in common log format (standard English format)
%{format}t The time, in the form given by format, which should be in strftime(3) format (potentially localized)
%T The time taken to serve the request, in seconds
%u Remote user (from auth; may be bogus if the return status (%s) is 401)
%U The URL path requested, not including any query string
%v The canonical ServerName of the server serving the request
%V The server name according to the UseCanonicalName setting
%X Connection status when the response is completed: X = connection aborted before the response completed;
+ = connection may be kept alive after the response is sent;
- = connection will be closed after the response is sent.


(This directive was %c in late versions of Apache 1.3, but this conflicted with the historical SSL %{var}c syntax.)
%I Bytes received, including request and headers; cannot be zero. You need to enable mod_logio to use this.
%O Bytes sent, including headers; cannot be zero. You need to enable mod_logio to use this.


Modifiers
Particular items can be restricted to print only for responses with specific HTTP status codes by placing a comma-separated list of status codes immediately following the "%". For example, "%400,501{User-agent}i" logs the User-agent header only on 400 and 501 errors; otherwise a "-" is substituted. The status code list may be preceded by "!" to indicate negation: "%!200,304,302{Referer}i" logs the Referer header on all requests that do not return one of the three specified codes.


The "<" and ">" modifiers can be used for requests that have been internally redirected to choose whether the original or the final request (respectively) should be consulted. By default, %s, %U, %T, %D and %r look at the original request while all other format strings look at the final request. So, for example, %>s can be used to record the final status of the request, and %<u can be used to record the original authenticated user on a request that is internally redirected to an unauthenticated resource.


Notes
For security reasons, starting with version 2.0.46, non-printable and other special characters in %r, %i and %o are escaped using \xhh sequences, where hh is the hexadecimal representation of the raw byte. Exceptions are " and \, which are escaped by prepending a backslash, and all whitespace characters, which are written in their C-style notation (\n, \t and so on). In versions before 2.0.46 no escaping was performed on these strings, so a client could insert control characters into the log, and you had to be quite careful when processing raw log files.


In version 2.0 (unlike 1.3), the %b and %B format strings do not represent the number of bytes sent to the client but simply the size in bytes of the HTTP response (which will differ, for instance, if the connection is aborted or SSL is used). The %O format string provided by mod_logio records the actual number of bytes sent over the network.


Examples
Some commonly used format strings:


Common Log Format (CLF)
"%h %l %u %t \"%r\" %>s %b"


Common Log Format with Virtual Host
"%v %h %l %u %t \"%r\" %>s %b"


NCSA extended/combined log format
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""


Referer log format
"%{Referer}i -> %U"


Agent (Browser) log format
"%{User-agent}i"


Every parameter inside the quotes of the LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common line quoted at the start can be found in the table above. The trailing common is simply a nickname for this format: once it is defined, the nickname can be used directly when recording a log in that format, for example:
CustomLog logs/access_log common
which produces a log file access_log under logs, written in the common format.
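As an added example (not from the original post), the following Python script parses lines written with the combined format above and reverses the escaping that httpd 2.0.46 and later apply to %r, %i and %o, so a log consumer can tell which requests actually carried control characters instead of being confused or corrupted by them. The sample lines are constructed; the third one contains the \x1b sequence httpd writes for an ESC byte sent by a client.

```python
"""Parse Apache 'combined' access-log lines and undo httpd's log escaping.

Added example, not part of the original post. Since 2.0.46 httpd escapes
'"' and '\\' with a backslash, whitespace as \\n, \\t and so on, and other
non-printable bytes as \\xhh inside %r, %i and %o; unescape() reverses that
so the original request bytes can be inspected. Sample lines are constructed.
"""
import re
from typing import Dict, List, Optional

_QUOTED = r'(?:[^"\\]|\\.)*'      # a quoted field: anything but '"' or '\', or an escape pair
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>' + _QUOTED + r')" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>' + _QUOTED + r')" "(?P<agent>' + _QUOTED + r')"$'
)

_ESC_RE = re.compile(r'\\(x[0-9A-Fa-f]{2}|[nrtvbfa"\\])')
_SIMPLE = {"n": "\n", "r": "\r", "t": "\t", "v": "\v", "b": "\b", "f": "\f",
           "a": "\a", '"': '"', "\\": "\\"}


def unescape(field: str) -> str:
    """Reverse the escaping httpd applies to logged request and header fields."""
    def repl(m):
        code = m.group(1)
        return chr(int(code[1:], 16)) if code[0] == "x" else _SIMPLE[code]
    return _ESC_RE.sub(repl, field)


def parse_combined(line: str) -> Optional[Dict[str, object]]:
    """Fields of one combined-format line, or None if the line does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    for key in ("request", "referer", "agent"):
        rec[key] = unescape(m.group(key))
    rec["status"] = int(m.group("status"))
    rec["bytes"] = 0 if m.group("bytes") == "-" else int(m.group("bytes"))   # '-' is CLF for zero
    request = str(rec["request"])
    method, _, rest = request.partition(" ")
    rec["method"] = method
    rec["path"] = rest.rsplit(" ", 1)[0] if " " in rest else rest   # drop the HTTP/x.y token
    return rec


def has_control_chars(rec: Dict[str, object]) -> bool:
    """True if the decoded request, referer or user agent carries a byte that a
    terminal or naive log viewer would interpret (0x00-0x1F, 0x7F)."""
    return any(ord(c) < 0x20 or ord(c) == 0x7F
               for key in ("request", "referer", "agent") for c in str(rec[key]))


# Constructed sample lines in the combined format.
SAMPLE_LOG: List[str] = [
    '192.0.2.10 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 '
    '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "GET /index.html?q=\\"x\\" HTTP/1.1" 404 - '
    '"-" "curl/7.19.7"',
    '203.0.113.5 - - [10/Oct/2000:13:57:12 -0700] "GET /\\x1b[2J HTTP/1.1" 400 - "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        rec = parse_combined(line)
        print(rec["host"], rec["status"], repr(rec["path"]), "control chars:", has_control_chars(rec))
```

Keep the decoded fields in repr() form or re-escape them before printing to a terminal: the whole point of httpd's escaping is that the raw bytes are unsafe to display, and a log parser that undoes it must not reintroduce that problem downstream.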


Apache 1.3 URL Rewriting

Apache 1.3
URL Rewriting Guide
http://httpd.apache.org/docs/1.3/misc/rewriteguide.html

Module mod_rewrite
URL Rewriting Engine
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
