How To Use Apache Access Log & Apache Error Log

Getting server feedback helps you to manage your web servers effectively.

Apache web servers keep a record of their activities on their logs, enabling web admins to stay updated on their server events and troubleshoot problems. It records all website visitors and logs server problems in separate logs—access and error logs.

This article guides you on what you need to know on Apache server logs, exploring what they mean, how to access, read and configure them.

So, let’s get started.

Types of Apache Logs

Apache supports log files that let users receive regular feedback on their web servers. As a result, most web admins often rely on them as their primary source of information when troubleshooting websites.

The Apache access and error log files are essential aspects of your web environment, so let’s explore them quickly.

Apache Access Log

The Apache access log records data for every request processed by the Apache server. 

It logs the information of all visitors to your website, including the files they viewed, server response status code, the time it took the server to respond, the visitors’ IP addresses, and web browser types.

The Apache access file helps you become a better web admin, and some of the scenarios it can come through for you are:

  • Helping you identify why a common request is failing for visitors trying to access a particular page.
  •  Pinpointing Pages that take time to load.
  • Letting you see commonly requested resources, which could help you optimize your content strategy.

Where to Find the Access Log

Scala Hosting users can quickly find their Apache access file in their SPanel home directory or logging in to their remote server via SSH access.

Let’s explore each of these options.

Via Spanel – To access your Apache Access log via Spanel—Scala Hosting’s all-in-one control panel, visit www.domain.com/spanel/login, to open the SPanel login page, of course, replacing domain.com with your domain name.

How To Use Apache Access Log & Apache Error Log

Please input your email address (or username) and password to log in.

SPanel takes you to your admin dashboard if you use admin access but logs you to your account’s control panel if you sign in as a user.

Step 1: Choose your Account 

You can only access the log file on the domain’s control panel. 

Now, to get to your control panel from the admin dashboard, scroll to its QUICK LINKS section and click List Accounts.

How To Use Apache Access Log & Apache Error Log

Find the domain’s control panel accounts from the account list, then click Actions > Login to log in to its control panel.

How To Use Apache Access Log & Apache Error Log

Step 2: Open File Manager

When logged in, go to the TOOLS section of the control panel, and click File manager to open the home directory.

How To Use Apache Access Log & Apache Error Log

Scroll through your home directory till you get to the access.logs file, right-click it and select Download to save a copy to your local computer.

How To Use Apache Access Log & Apache Error Log

Via SSH Access – Secure Shell (SSH) access allows users to run commands on their remote servers effortlessly. 

To find your Apache access log via this option, connect to your remote server via SSH and run the command below.

Sudo locate access.log

Reading Apache Access Log

Making sense of the access log requires knowing how Apache logs the file. 

The Custom log directive or module lets you define within your Apache config file where you want to store the log and the format you want Apache to log the access entries.

Understanding the Apache access log format demystifies reading the log. 

So, let’s explore this by unbundling the Common Log Format (CLF)—Apache’s default log format:

  • LogFormat “%h %l %u %t \”%r\” %>s %b” common.

The log format returns Apache access log entries that are similar to the one below:

  • 127.0.0.1 – john [9/Jul/2021:10:34:12 -0500] “GET /sample-image.png HTTP/2” 200 1479

Now let’s examine the tags in the above common log format string to understand what each section means:

S/N Sections Meaning
1 %h Visitors IP address
2 %I The client’s identity. Apache uses the client’s machine’s identd to determine this and often returns a hyphen if it’s not available. 
3 %u Client’s userID (for authenticated requests).
4 %t Date and time of the request
5 \”%r\” The request type, requested resource path, and the HTTP protocol the client used 
6 %>s Server response status code
7 %b Size of the requested resource

Apache Error Log

The Apache error log records data for all issues encountered by the Apache server. 

Most of the errors in Apache logs are minor issues, such as missing files. However, it also uses the error file to record diagnostic information about the server or warnings indicating potential problems with a particular event or configuration.

The location of your error log may vary depending on your Linux distribution, but you can run the grep command to find its exact location – 

$ grep ErrorLog /usr/local/etc/apache22/httpd.conf

$ grep ErrorLog /etc/apache2/apache2.conf

$ grep ErrorLog /etc/httpd/conf/httpd.conf

The ErrorLogFormat directive lets you define the format of your Apache error log, and it often takes this form –

ErrorLogFormat “[%t] [%l] [client %a] %M”

Where:

  • %t is the day, date and time the Apache server reported the error
  • %I is the message level such as fatal, notice, error, and others.
  • %a specifies the client’s IP address (if it exists).
  • %M is the error message.

 A typical Apache error log looks thus –

[Fri Jul 09 04:06:13 2021] [error] [client 1.2.3.4] File does not exist: /var/www/html/robots.txt

Configuring Apache Logs

Apache comes with a highly configurable logging framework that lets users set their preferred logging behavior. So, let’s examine some of the ways you can configure your Apache logs.

The “CustomLog” Directive

Apache Custom Log Format is the standardized logging format for most web servers. 

It’s the default Apache log format. CSF produces straightforward access logs most web admins can easily understand. Also, most log analysis platforms often use CLF-formatted log files. 

On the other hand, the CustomLog directive lets users specify their log file locations and define their log format. Thus, the directive can help extend the capabilities of your CLF, enabling you to get more granular with your access logs.

You’ll notice some of these capabilities as we proceed with the article.

Combined Log Format

The Combined Log Format is similar to the CSF but adds extra sections to provide more information for analysis and debugging.

The format takes this form:

  • LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-agent}i\” common
  • CustomLog “logs/access_log” common

An Apache access log under this format will look thus –

127.0.0.1 – John [8/Jul/2021:13:55:36 -0700] “GET /apache_pb.gif HTTP/1.0” 200 2326 “http://www.domain.com/promo.html” “Mozilla/4.08 [en] (Win10; I ;Nav)”

Now, notice the additional fields in green highlight, they are:

  • “http://www.domain.com/promo.html” (\”%{Referer}i\”) is the HTTP referer, representing the URL originating the request.
  • “Mozilla/4.08 [en] (Win10; I ;Nav)” (\”%{User-Agent}i\”) is the user-agent and it specifies the client’s browser. 

Multiple Access Logs

The multiple CustomLog directive lets you configure numerous access logs for your Apache server. All it requires is adding an extra CustomLog directive to create the multiple access logs, as shown below. 

LogFormat “%h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” combined

LogFormat “%{User-agent}i” agent

CustomLog /var/log/apache2/access.log combined

CustomLog /var/log/apache2/agent_access.log agent

Log Rotation and Piped Log

Apache log files easily take up space, including a moderately busy server. 

On average, 10,000 server requests can grow the log by 1 MB, making it necessary to regularly rotate the log files by moving or deleting old logs.

Sadly, this can’t happen while the server is running because Apache will continue to write to the old file as long as it holds the file open, but restarting the server after moving or deleting the old logs ensures it opens new log files. 

Unfortunately, restarting the server interrupts clients’ activities, making a graceful restart and piped log processes a no-brainer.

The former restarts Apache servers without losing clients’ connections, enabling Apache to open and write to new log files without interruptions. In contrast, piped log processes allow log rotation without a server restart.

Rather than writing directly to a file, it enables Apache to write error and access log files through a pipe to another process. 

The Apache HTTP servers’ rotatelog program enables this capability, and it also comes with options to rotate logs conditionally based on size and time, like every 24 hours.

 

Other Apache Logs and Log-Related Modules

Other Apache logs and modules are:

  • The conditional log lets users exclude specific entries from the access log based on the client request’s characteristics.
  • The mod_log_forensic module allows logging before and after processing a request, thus containing two log lines for each request. In addition, it assigns a unique ID to each entry to enable tracing events between the forensic log and normal log.
  • Mod_logio is a default Apache module that adds two additional fields (%O and %I) that allow logging the actual number of bytes received and sent over the network.

Need Support?

If you have questions regarding Apache logs or need help accessing, interpreting, or configuring your Apache log files, kindly reach out to our support, and we’ll be glad to help.

Rado

Author

Working in the web hosting industry for over 13 years, Rado has inevitably got some insight into the industry. A digital marketer by education, Rado is always putting himself in the client's shoes, trying to see what's best for THEM first. A man of the fine detail, you can often find him spending 10+ minutes wondering over a missing comma or slightly skewed design.

Write a Comment

Required*