How to View Apache Access & Error Log Files | PhoenixNAP KB

Introduction

Apache is part of the LAMP software stack for Linux (Linux, Apache, MySQL, PHP). Apache is responsible for serving web pages to people who look at your website.

The server grants access for visits to your website and keeps an access log. These logs, or log files, can be a valuable source of information about your website, usage, and audience.

In this tutorial, you will learn how to view Apache access log files.

Prerequisites

A

  • Linux system running
  • Apache web services

  • A user account with root access (sudo
  • )

  • Terminal window (Ctrl-Alt-T on Ubuntu, Alt-F2 on CentOS)

Viewing

Apache Access Logs

Use cPanel to download raw access files

If you are logged into a web server with cPanel, you can download Apache access logs through a graphical interface

.

1. Find the section labeled Metrics.

2. Click Raw Access. If archiving is enabled, the raw Apache log files can be downloaded at the bottom of the page. They will look like standard hyperlinks, tagged for the website you are managing.

When you click the hyperlink, you are prompted to save or open the file. These log files are compressed with gzip, so if you’re not using a Linux system, you may need a decompression tool. Save the file to a location of your liking.

3. Locate the file on your operating system, then right-click > extract. A new file without the .gz extension should appear.

4. Right-click > edit to open the file in your favorite text editor to view the contents.

Using Terminal Commands to Display Local Access Logs If you are

working on the machine hosting Apache, or if you are logged into that machine remotely, you can use the terminal to display and filter the contents of access logs.

By default, you can find the Apache access log file at the following path:

/var/log/apache/access.log/

  • var/log/apache2/access.log
  • /

  • etc/httpd/logs/access_log

Use the GUI or terminal with the cd command to navigate your system and find where logs are stored.

Step 1: Show the last 100 access log entries

In the terminal window, enter the following:

sudo tail -100 /var/log/apache2/access.log The

tail command tells the machine to read the last part of the file, and the -100 command directs it to display the previous 100 entries.

The final part, /var/log/apache2/access.log tells the machine where to look for the log file. If your log file is in a different location, be sure to substitute your machine’s path to the Apache log files.

Step 2: Show a specific term from the access logs

Sometimes, you just want to display a specific type of entry in the log. You can use the grep command to filter the report by specific keywords.

For example, enter the following in a terminal:

sudo grep GET /var/log/apache2/access.log

Like the previous command, this aspect of the /var/log/apache2/access.log file to display the contents of the access log. The grep command tells the machine to only display entries with the GAT request.

You can also replace other Apache commands. For example, if you’re looking to monitor access to .jpg images, you can substitute .jpg for GET. As before, use the actual path to the server log file.

How

to View Apache Error Logs In addition to the access log,

you can use the terminal commands mentioned above to view the

error log.

Enter the following command in the terminal:

sudo tail -100 /var/log/apache2/error.log If you found the access log file in another location

, the error log file will be in the same location. Make sure you type the correct path.

Interpreting the

access log in Apache

When you open your access log file for the first time, you may feel overwhelmed

.

There is a lot of information about HTTP requests, and some text editors (and the terminal) will wrap the text to the next line. This can make it confusing to read, but each piece of information is displayed in a specific order.

The conventional method for expressing the format

of access log files is: “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-agent}i””

This is a code for the most common things on each line of the

log.

Each % sign corresponds to a piece of information in the record

: %

  • h – The IP address of the client (the source of the access request).
  • %l: The next entry may simply be a hyphen, which means that no information was retrieved. This is the result of checking identd on the client.
  • %u: Client user ID, if the access request required http authentication.
  • %t: Timestamp of the incoming request.
  • %r: Request line used. This tells you the http method (GET, POST, HEAD, and so on), the path to what was requested, and the http protocol being used.
  • %>s: Status code returned by the server to the client.
  • %b – Size of the requested resource.
  • “%{Referer}i” – This tells you whether the access came from clicking on a link on another website or other ways the customer was referred to your page.
  • “%{User-agent}i” – Provides you with information about the entity making the request, such as web browser, operating system, website source (in the case of a robot), etc.

Simply read through the line in your log file, and each entry can be decoded as above. If there is no information, the log will display a hyphen. If you are working on a preconfigured server, the log file may have more or less information. You can also create a custom log format by using the custom log module.

For more information about decoding log formats, see this page.

How to Use Data in Apache Log Files

Apache log analysis gives you the opportunity to measure the ways customers interact with your website

.

For example, you can look at a timestamp to find out how many access requests come in per hour to measure traffic patterns. You can check the user agent to find out if individual users are logging on to a website to access a database or create content. It could even track failed authentications to monitor various types of cybersecurity attacks against your system.

The Apache error log can be used in a similar way. Often, it is simply used to see how many 404 errors are being generated. A 404 error occurs when a customer requests a missing resource, and this can alert them to broken links or other errors within the page. However, it can also be used to find configuration flaws or even warnings about potential server issues.

Conclusion

This guide provided methods for extracting data to view Apache access log files

.

The access.log file is an excellent resource for measuring the ways clients interact with your server. The .log file error can help you fix problems with your website.