Apache Log Files


An Apache web site, particularly one that is exposed to the Internet, will generate extensive logs that you should be aware of and learn to interpret and manage. The Apache logs can reveal any errors that are generated by Apache at run time, possible security problems in the Apache configuration, the network bandwidth used by Apache, and other useful pieces of information.

The location of Apache logs can vary depending on the manner in which Apache was installed. The location can be /var/log/httpd, /var/log/apache, /var/log/apache2, or /usr/local/ apache2/logs (if installed from source code as prescribed in this chapter). There are three main log files for recent versions of Apache: access_log, error_log, and suexec.log. The largest of these log files, the access_log file, contains information on all HTML documents and objects that have been requested from the Apache httpd over the network using the HTTP protocol, the types of all HTTP requests, and the HTTP status codes associated with each request. The error_log file contains errors generated by Apache, including HTTP requests for nonexistent or restricted pages or objects. The access_log and error_log files both contain the numeric IP addresses of remote machines that sent HTTP requests to the httpd and the time and date stamps of those requests. An entry in the access_log file looks like this:

 216.35.116.91 - - [19/Apr/2006:14:47:37 −0400] "GET / HTTP/1.0" 200 654

This entry shows a HTTP protocol “GET” method request (see Chapter 10) for the Apache document root (“/”) from the remote host at the numeric IP address 216.35.116.91 (probably a search engine) at 2:47 P.M. on April 19, 2006. The httpd status code “200” (one of many possible codes) signifies a successful transfer. The “654” is the total number of bytes that were transferred. The numeric IP addresses of remote requesting machines, rather than their hostnames, are logged because it can take a significant amount of time to look up and convert each numeric IP address to a hostname, and this would slow Apache’s performance significantly. Apache includes the logresolve command that you can use to convert the IP addresses to hostnames off-line. The following example usage of logresolve creates the file /tmp/access_log.hostnames from access_log:

 # /usr/local/apache2/bin/logresolve < /usr/local/apache2/log/access_log > /tmp/access_log.hostnames

The following is an entry in the error_log file that indicates a request for a nonexistent directory from the remote host at 69.93.197.146:

 [Tue May 16 21:28:49 2006] [error] [client 69.93.197.146] File does not exist: /var/www/html/blogs

The suexec.log file contains messages from Apache that are generated by the suexec facility. It is useful for debugging file permission problems with CGI applications that must run through suexec.

The Apache log files can grow very large over time, especially the access_log file, sometimes even filling up whole file systems on busy web sites if left alone. On Linux distributions, the Apache log files are usually archived and compressed as needed when they reach a certain size or age through the logresolve facility, which is typically executed nightly via a cron job. On UNIX systems, the native equivalent of logresolve should be used. On Solaris, the following logadm command limits the size of Apache’s access_log file to 10 MB. When access_log exceeds 10 MB, it will be renamed and compressed, and a new access_log file will be created:

 # logadm −w /var/log/sshd_auth.log −s 10m −z 0




UNIX. The Complete Reference
UNIX: The Complete Reference, Second Edition (Complete Reference Series)
ISBN: 0072263369
EAN: 2147483647
Year: 2006
Pages: 316

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net