apache Log File Introduction

This section addresses the various flavors of web server logs.

Web Server Logs Top of Page

Web logs are one of the most important tools a system administrator can have. A variety of information can be logged, and it can be logged in a variety of ways. We won't be working with custom log creation or manipulation in this course. However, knowing where to look and what to look at is the topic of this section.

Figure 6.15. Web Logs Image #1 Top of Page

Web logs image #1.

The screenshot above shows the contents of the '/var/log/httpd' directory, which is the default location for apache log files. The log files that are listed are described below:

  1. access_log - this is the log file for the main web server that logs all visits to the site.
  2. access_log-20160731 - this is a rotated archive of the access log.[19]
  3. apache-subdomain-error_log - a sub-domain error log. We'll be setting these up in the section called "apache Virtual Host Introduction".
  4. apache-subdomain-error_log-20160731 - sub-domain rotated error log.
  5. apache-subdomain-requests_log - sub-domain request log. The 'request' logs grab a bit more information than the 'access' logs.
  6. apache-subdomain-requests_log-20160731 - sub-domain rotated request log.
  7. error_log - main web server log file where all errors are recorded.
  8. error_log-20160731 - rotated version of main web site error log.
  9. ssl_access_log - access log for ssl portion of the server. Note that it has '0' content. That's because ssl isn't set up on the server.
  10. ssl_error_log - error log for ssl portion of the server. Note the '0' content.
  11. ssl_request_log - request log for ssl portion of the server. Note the '0' content.

Figure 6.16. Web Server Error Log Image #1 Top of Page

Web Server Error Log Image #1

In this image, you can see that I've "catted" the error log. Note that, in this screen shot, it's showing runtime errors from the server. The next screen shot gives another perspective.

Figure 6.17. Web Server Error Log Image #2 Top of Page

Web Server Error Log Image #2

This image shows not only runtime errors from the server, but access errors as well. These log files are extremely helpful when troubleshooting the server. You can see several important pieces of information, including a) time of error, b) IP address of requesting entity, c) what caused the error[20], etc.

[Note] Use of the `tail -f` Command

The command `tail -f <file-to-tail>` will follow the file given for changes. One can use this command, watching the results, while accessing the web site, and the results are shown in real time.

This image also shows how to stop the `tail -f` command: press CTRL + C.

[19] The rotation routine is set in place and occurs automatically by an entity known as logrotate. It's versatile and configurable. To learn more, go to '/etc/logrotate' or try `man logrotate`.

[20] In the instances listed of files not found, these files do not exist on the server. These errors are generated as a consequence of the server being probed for weaknesses in security. Unfortunately, these actions are common and can be trapped and prevented.