Web servers logs provides a lot of information about the web application and user . Apache is very popular web server used by millions of web sites. Apache provides different types of logs like
error etc. In this tutorial we will look how access log configured and try to understand log format.
Apache Access Log
Apache Access Log provides information about access to the Apache web server. When some one visits the web site or open web application through browser Apache web server will create some log about the request.
Apache Access Log Location
Apache Access Log is stored by default in the following directories. Access log can be opened with a simple text editor like kwrite, gedit etc. or simply
cat in the command line.
CentOS, Fedora, RedHat:
Apache Access Log Formatting
Apachec Access Log provides a lot of useful information about the request and responses to those requests. Apache configuration uses
LogFormat directive to define access log format. Default log format is like below.
LogFormat "%h %l %u %t \"%r\" %>s %b" common
Here is the meanings of shortcuts.
%hip address of the client
%lif exist identity of the client
%uuserid of the client if the user is authenticated
%tdate time the request has arrived
\"%r\"is the HTTP method the client requested which includes the HTTP verb the URI and HTTP version
%>sis the response code the server sends back to the client
%bthe size of object returned to the client
Here is an example log for Apache access
127.0.0.1 - - [16/Aug/2017:07:03:45 +0300] "GET / HTTP/1.0" 200 11192 "-" "check_http/v2.2 (monitoring-plugins 2.2)"
Non existing columns will be presented with
List Current Access Log Formatting
Access Log format is defined in
/etc/apache2/apache2.conf Ubuntu, Debian or
/etc/httpd/httpd.conf in CentOS or RedHat systems. We can list current
LogFormat directive with the following command.
$ cat /etc/apache2/apache2.conf | grep Log
Interactively Reading Apache Access Log
System administrators generally need to read Apache access log interactively in order to troubleshot. We can use use
tail command in order to see Apace access log in real time. We will use following command . We assume
access.log resides in
$ tail -f /var/log/apache2/access.log