Apache Log Files

From WebarchDocs
Jump to: navigation, search

The Webarchitects, Ecohost and Ecodissident shared hosting servers use the Apache web server and clients have access to the log files, following are some details about how they the logging is configured and how to access these files.

If you want some useful web site usage stats then we suggest using our Piwik server for this, the Apache logs are more suited to tracking down errors and abuse.

Webarchitects and Ecodissident Servers

On our shared hosting servers you will find the error and access logs from Apache in ~/logs/ if you login using SFTP, the log files are not accessible via the web.

The key things to note are:

  • 28 days worth of log files are kept.
  • The latest files, the ones which are being written to, are called access.log and error.log.
  • You only have read permission on the logs and the directory they are in, you cannot edit or delete logs but you can download them with SFTP.
  • The error.log is worth inspecting on a regular basis for problems with scripts.
  • The log files are rotated each night, yesterdays files have the date in the format -20150320 appended to the filename and all older logs are gz compressed and have .gz appended to the file name.

Log format

The access log format is based on the NCSA extended/combined log format and these are the Apache directives used to define the logging for each VirtualHost:

LogLevel error
ErrorLog  /home/example/logs/error.log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
CustomLog /home/example/logs/access.log combinedio

See the Apache documentation for information about the error log, an example access_log line:

81.95.52.96 - - [12/Oct/2012:11:25:58 +0100] "GET /docs HTTP/1.1" 200 3623 "http://webarch.net/docs/hosting-logs" "Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1" 1224 6793
  • %h Remote host, the IP address of the request.
  • %l Remote logname, this will never have a value as IdentityCheck is off, it’s just included for backwards compatability.
  • %u Remote user if htauth is being used (may be bogus if return status (%s) is 401)
  • %t Time the request was received in the format [day/month/year:hour:minute:second zone]
  • %r First line of the request
  • %>s The final HTTP status code, see full list of possible status codes in the HTTP 1.1 specification (RFC2616 section 10).
  • %b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a ‘-’ rather than a 0 when no bytes are sent.
  • %{Referer} The “Referer” (sic) HTTP request header, this is provided by the client request so it may be bogus.
  • %{User-Agent} The User-Agent HTTP request header, this is provided by the client request so it may be bogus.
  • %I Bytes received, including request and headers.
  • %O Bytes sent, including headers.

For more information see the Apache 2.2 documentation:

Log rotation

The logs are rotated using logrotate and this custom script:

/home/*/logs/*log {
        daily
        missingok
        rotate 28
        compress
        delaycompress
        notifempty
        create 644 root root
        dateext
        sharedscripts
        postrotate
                /etc/init.d/apache2 reload > /dev/null
        endscript
}

Ecohost ISPConfig Servers

The Apache log files are in ~/log, a months worth of access logs are kept, there is a symlink to access.log which is the current log file. The files names are in the form 20150320-access.log and files older than yesterdays are GZ compressed, eg 20150318-access.log.gz. There is no rotation of the error.log.