Logs and Monitoring for Apache Servers | WebReference

Logs and Monitoring for Apache Servers


Logs and Monitoring for Apache Servers

Daniel Lopez
Excerpted from Apache Phrasebook, published by Pearson Education, Sams Publishing © 2006

Introduction to Logging in Apache

In addition to the error logging functionality described in the previous chapter, Apache provides extensive facilities for recording information about every aspect of a request. This chapter covers the most common issues found when logging requests, such as conditional logging, log rotation, resolution of IP addresses, and piped logging. It also covers a number of bundled and third-party modules and utilities for monitoring the status of your Apache server and to analyze its logs.

Default Apache Log Files

Apache provides a number of monitoring and logging facilities to track the correct operation of the server. The default Apache configuration provides two log files, placed inside the logs directory of the installation directory:

  • The access_log file (access.log in Windows) contains information about the requests that have been served by the server, such as the URL requested, the IP address of the client, and whether the request completed successfully or not.
  • The error_log file (error.log in Windows) contains information related to error conditions, as well as different events in the lifecycle of the server.

Creating Log Formats

The LogFormat directive allows you to tell Apache which aspects of the request you want to record. You will still need additional directives to tell Apache where to log that information, but that is addressed in the next section. This example shows the configuration for the two most popular formats, the Common Log Format and the Combined Log Format. When Apache receives a request, it will substitute each one of the fields prefixed by a % with the corresponding request attribute. If you are using the CLF, each entry in your log file will look like this:

If you are using the combined common format, each entry in your log file will look like this:

Although the appendix provides a comprehensive logging format reference, this list describes the most important fields:

  • %h: The IP address of the client that sent the request to the web server, or the client's hostname if you have HostNameLookups enabled ( in this example.)
  • %u: The user id of the user who sent the request determined by HTTP authentication (someuser in the example). See Chapter 6 for more details on how to configure HTTP-based authentication.
  • %t: Time when the request was received by the server.
  • %r: Text of the original request line from the client including the HTTP method used, the resource requested, and the HTTP protocol version used by the client's browser ("GET /example.png HTTP/1.0" in the example).
  • %>s: The final HTTP request status code that the web server sends back to the client (200 in the example, indicating that the request was completed successfully).
  • %b: The size in bytes of the object sent to the client in response to the request excluding the response headers (1234 in the example).

The combined log format extends the common log format with two additional fields. It is defined as

  • %{Referer}i: The Referer HTTP request header; that is, the web page that referred to the current document (http://www.example.com/index.html in the example).
  • %{User-agent}i: The User-agent HTTP request header. It includes information about the client's browser ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7)" in the example).