Home » Improve your website by getting to know your log files.

Getting to know your Apache HTTPD Web Server log files

Improve your website by getting to know your log files.

What are Apache web server log files?

When someone visits your website they are making requests on your web server. The details of these requests are recorded in your web server log files. Most websites in the World run on Apache web servers and that’s what I’m going to be talking about in this article. If your website is using another type of web server (for example Microsoft IIS), the principles are the same but the commands and tools you need to use to analyse the files will differ.

Types of Apache log files

By default the Apache (HTTPD) web server creates two log files, ‘acccess_log‘ and ‘error_log‘ 

Apache error log file location

If you are not sure where these files are on your server then you will need to look at your server config. You should find two lines like these:

CustomLog  /var/www/yoursite.com/statistics/logs/access_log
ErrorLog  /var/www/yoursite.com/statistics/logs/error_log

These tell the Apache web server where to write the log files.

What gets logged?

Unless you have specifically reconfigured your web server it will probably be writing log files in the Common Logfile Format (CLF). The log file will contain records like the one below: – – [10/May/2009:17:44:17 +0100] “GET /store/product-images/PC1.jpg HTTP/1.1” 200 16989 “http://www.yoursite.com/store/Page/158/PC1.html” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv: Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

This may look complicated and might put you off going any further but it really is very simple. Lets break this down one element at a time. This is the IP address from where the request on your web server was made.

– You will generally always just see a hyphen in this field.  It should contain the id of the person making the request but for security reasons this is seldom enabled and would be unreliable if present as it would be easily spoofed by hackers.

– You will also generally see a hyphen in this field.  If your website protects some pages or directories by using HTTP authentication you will see the user id of the person making the request in this field, once they have been authenticated.

[10/May/2009:17:44:17 +0100] The date the page was requested. (It’s a good idea to check the time on your server is accurate, with daylight saving and servers being hosted in other countries they can be an hours or two out.)

“GET /store/product-images/PC1.jpg HTTP/1.1” the request made by the web browser or search engine.

200 the HTTP status code the server gave in response to the request.  This is explained in more detail below.

6989 the number of bytes sent back to the person who made the request.

“http://www.yoursite.com/store/Page/158/PC1.html” the referring site or page.

“Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv: Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)” the browser/ search engine bot / platform string.

What to look out for in your Apache log files.

When I look at log files I typically start by looking for requests, which have resulted in a 404 response.  This means that someone has requested a page (or resource such as a graphic), which doesn’t exist. If you find this happening then look at the referring site or page.  If the referrer is you own site then you need to get this broken link fixed.  If the request is coming from another site you might need to contact the sites owner and ask them to update the link.  In the real world getting a site owner to update a link can be quite difficult, therefore if the error is happening a lot consider setting up a 301 Permanently Moved redirect.

Once you’ve addressed any 404 errors, you should then review any requests, which have resulted in a 500 response. Status 500 indicates a runtime error on your web server typically when generating a dynamic CGI (PHP, JSP, ASP etc) type web page. Look at the time this error happened and then look around that time in the error_log file for more information.

Apache httpd log analyzer

As you have seen above, the format of the Apache log files is quite simple. You don’t need specialist or expensive software to process these files. If you know some basic Python coding, you can use the https://pypi.org/project/apachelogs/ module to parse these files. From there you can, for example extract all the 404’s and put the list into Excel for detailed analysis.

In a future article I will look in more detail at other status codes and some of the tools you can use to explorer you log files.

If you have any tips for great ways to use log files or questions please leave a comment below.

You May Also Like…

Find similar blogs in these categories: Linux | Web Servers
Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.