Getting server feedback helps you to manage your web servers effectively.
Apache web servers keep a record of their activities on their logs, enabling web admins to stay updated on their server events and troubleshoot problems. It records all website visitors and logs server problems in separate logs—access and error logs.
This article guides you on what you need to know on Apache server logs, exploring what they mean, how to access, read and configure them.
So, let’s get started.
Types of Apache Logs
Apache supports log files that let users receive regular feedback on their web servers. As a result, most web admins often rely on them as their primary source of information when troubleshooting websites.
The Apache access and error log files are essential aspects of your web environment, so let’s explore them quickly.
Apache Access Log
The Apache access log records data for every request processed by the Apache server.
It logs the information of all visitors to your website, including the files they viewed, server response status code, the time it took the server to respond, the visitors’ IP addresses, and web browser types.
The Apache access file helps you become a better web admin, and some of the scenarios it can come through for you are:
- Helping you identify why a common request is failing for visitors trying to access a particular page.
- Pinpointing Pages that take time to load.
- Letting you see commonly requested resources, which could help you optimize your content strategy.
Where to Find the Access Log
As a ScalaHosting customer, you can get quick and easy access to your server’s access and error logs via SPanel.
First, you need to log into SPanel’s User Interface.
On the homepage, you need to find the Domains tool. Open it and scroll down to the list of domains added to your account.
Next to each domain, there’s an Actions drop-down. Click open the menu next to the domain you’re interested in and choose the right option.
Among other things, this menu lets you view access, error, and PHP error logs.
Via SSH Access – Secure Shell (SSH) access allows users to run commands on their remote servers effortlessly. You can use it to read access and error logs, as well, though you need to bear in mind that this often requires root access, which you may not have depending on your plan.
To find your Apache access log via this option, connect to your remote server via SSH and run the command below.
Sudo locate access.log
Reading Apache Access Log
Making sense of the access log requires knowing how Apache logs the file.
The Custom log directive or module lets you define within your Apache config file where you want to store the log and the format you want Apache to log the access entries.
Understanding the Apache access log format demystifies reading the log.
So, let’s explore this by unbundling the Common Log Format (CLF)—Apache’s default log format:
- LogFormat “%h %l %u %t \”%r\” %>s %b” common.
The log format returns Apache access log entries that are similar to the one below:
- 127.0.0.1 – john [9/Jul/2021:10:34:12 -0500] “GET /sample-image.png HTTP/2” 200 1479
Now let’s examine the tags in the above common log format string to understand what each section means:
| S/N | Sections | Meaning |
| 1 | %h | Visitors IP address |
| 2 | %I | The client’s identity. Apache uses the client’s machine’s identd to determine this and often returns a hyphen if it’s not available. |
| 3 | %u | Client’s userID (for authenticated requests). |
| 4 | %t | Date and time of the request |
| 5 | \”%r\” | The request type, requested resource path, and the HTTP protocol the client used |
| 6 | %>s | Server response status code |
| 7 | %b | Size of the requested resource |
Apache Error Log
The Apache error log records data for all issues encountered by the Apache server.
Most of the errors in Apache logs are minor issues, such as missing files. However, it also uses the error file to record diagnostic information about the server or warnings indicating potential problems with a particular event or configuration.
The location of your error log may vary depending on your Linux distribution, but you can run the grep command to find its exact location –
$ grep ErrorLog /usr/local/etc/apache22/httpd.conf
$ grep ErrorLog /etc/apache2/apache2.conf
$ grep ErrorLog /etc/httpd/conf/httpd.conf
The ErrorLogFormat directive lets you define the format of your Apache error log, and it often takes this form –
ErrorLogFormat “[%t] [%l] [client %a] %M”
Where:
- %t is the day, date and time the Apache server reported the error
- %I is the message level such as fatal, notice, error, and others.
- %a specifies the client’s IP address (if it exists).
- %M is the error message.
A typical Apache error log looks thus –
[Fri Jul 09 04:06:13 2021] [error] [client 1.2.3.4] File does not exist: /var/www/html/robots.txt
Configuring Apache Logs
Apache comes with a highly configurable logging framework that lets users set their preferred logging behavior. So, let’s examine some of the ways you can configure your Apache logs.
The “CustomLog” Directive
Apache Custom Log Format is the standardized logging format for most web servers.
It’s the default Apache log format. CSF produces straightforward access logs most web admins can easily understand. Also, most log analysis platforms often use CLF-formatted log files.
On the other hand, the CustomLog directive lets users specify their log file locations and define their log format. Thus, the directive can help extend the capabilities of your CLF, enabling you to get more granular with your access logs.
You’ll notice some of these capabilities as we proceed with the article.
Combined Log Format
The Combined Log Format is similar to the CSF but adds extra sections to provide more information for analysis and debugging.
The format takes this form:
- LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-agent}i\” common
- CustomLog “logs/access_log” common
An Apache access log under this format will look thus –
127.0.0.1 – John [8/Jul/2021:13:55:36 -0700] “GET /apache_pb.gif HTTP/1.0” 200 2326 “http://www.domain.com/promo.html” “Mozilla/4.08 [en] (Win10; I ;Nav)”
Now, notice the additional fields in green highlight, they are:
- “http://www.domain.com/promo.html” (\”%{Referer}i\”) is the HTTP referer, representing the URL originating the request.
- “Mozilla/4.08 [en] (Win10; I ;Nav)” (\”%{User-Agent}i\”) is the user-agent and it specifies the client’s browser.
Multiple Access Logs
The multiple CustomLog directive lets you configure numerous access logs for your Apache server. All it requires is adding an extra CustomLog directive to create the multiple access logs, as shown below.
LogFormat “%h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” combined
LogFormat “%{User-agent}i” agent
CustomLog /var/log/apache2/access.log combined
CustomLog /var/log/apache2/agent_access.log agent
Log Rotation and Piped Log
Apache log files easily take up space, including a moderately busy server.
On average, 10,000 server requests can grow the log by 1 MB, making it necessary to regularly rotate the log files by moving or deleting old logs.
Sadly, this can’t happen while the server is running because Apache will continue to write to the old file as long as it holds the file open, but restarting the server after moving or deleting the old logs ensures it opens new log files.
Unfortunately, restarting the server interrupts clients’ activities, making a graceful restart and piped log processes a no-brainer.
The former restarts Apache servers without losing clients’ connections, enabling Apache to open and write to new log files without interruptions. In contrast, piped log processes allow log rotation without a server restart.
Rather than writing directly to a file, it enables Apache to write error and access log files through a pipe to another process.
The Apache HTTP servers’ rotatelog program enables this capability, and it also comes with options to rotate logs conditionally based on size and time, like every 24 hours.
Other Apache Logs and Log-Related Modules
Other Apache logs and modules are:
- The conditional log lets users exclude specific entries from the access log based on the client request’s characteristics.
- The mod_log_forensic module allows logging before and after processing a request, thus containing two log lines for each request. In addition, it assigns a unique ID to each entry to enable tracing events between the forensic log and normal log.
- Mod_logio is a default Apache module that adds two additional fields (%O and %I) that allow logging the actual number of bytes received and sent over the network.
Need Support?
If you have questions regarding Apache logs or need help accessing, interpreting, or configuring your Apache log files, kindly reach out to our support, and we’ll be glad to help.
