I’ve installed Apache, PHP, and MySQL on Ubuntu 10.10 desktop edition, and it’s working fine.
Except I have no clue where to look for Apache or PHP log files.
kiri
27.5k16 gold badges80 silver badges117 bronze badges
asked Nov 24, 2010 at 18:58
By default, /var/log/apache2/error.log
.
This can be configured in /etc/php5/apache2/php.ini
.
answered Nov 24, 2010 at 19:18
misterbenmisterben
7,1873 gold badges22 silver badges27 bronze badges
5
Check these settings in php.ini
:
error_reporting = E_ALL | E_STRICT
(as recommended for development in php.ini)error_log = /var/log/php_errors.log
-
Then create log file manually
touch /var/log/php_errors.log chown www-data: /var/log/php_errors.log chmod +rw /var/log/php_errors.log
Now you can view PHP errors by this way
tail /var/log/php_errors.log
This is an agreeable solution to this issue for me.
answered Sep 7, 2012 at 23:13
2
You can also define a specific error log file for each VirtualHost in Apache. If you have any VirtualHost defined in /etc/apache2/sites-available/
and enabled in /etc/apache2/sites-enabled
(enable with sudo a2ensite [your-virtualhost-definition-file]
), you can change the error log by adding the following line inside your VirtualHost config:
ErrorLog ${APACHE_LOG_DIR}/[your-vhost]-error.log
That might be useful if you have a lot of vhosts and want to split where they report the errors.
Also, you can watch your error log live by issuing the following command (adapt to your own log file if different from the default):
sudo tail -f /var/log/apache2/error.log
This is particularly useful when doing live debugging.
Eliah Kagan
116k54 gold badges315 silver badges489 bronze badges
answered Jun 3, 2012 at 21:52
ywarnierywarnier
4414 silver badges4 bronze badges
1
If Apache was setup with Webmin/Virtualmin there is a separate folder for each VirtualHost.
It is
~/logs
folder for each VirtualHost user.
These are two files:
~/logs/access_log
and
~/logs/error_log
So they are
/home/onedomain/logs/access_log
/home/onedomain/logs/error_log
/home/anotherdomain/logs/access_log
/home/anotherdomain/logs/error_log
...
etc.
To view log files for each particular domain login as VirtualHost owner user of that hostname and run
tail -f ~/logs/error_log
answered Apr 1, 2018 at 12:18
IlyichIlyich
1413 bronze badges
If you use a bitnami distribution, it is at:
tail /opt/bitnami/apache2/logs/error_log
Bitnami distributions have their own directory structure. I had to find what it was for my server, and this is where it resides by default for bitnami. I would assume lots of people are looking for the same thing when using a bitnami distribution.
For more info see here: https://docs.bitnami.com/bch/infrastructure/lamp/troubleshooting/debug-errors-apache/
answered Oct 24, 2021 at 19:37
0
I’ve installed Apache, PHP, and MySQL on Ubuntu 10.10 desktop edition, and it’s working fine.
Except I have no clue where to look for Apache or PHP log files.
kiri
27.5k16 gold badges80 silver badges117 bronze badges
asked Nov 24, 2010 at 18:58
By default, /var/log/apache2/error.log
.
This can be configured in /etc/php5/apache2/php.ini
.
answered Nov 24, 2010 at 19:18
misterbenmisterben
7,1873 gold badges22 silver badges27 bronze badges
5
Check these settings in php.ini
:
error_reporting = E_ALL | E_STRICT
(as recommended for development in php.ini)error_log = /var/log/php_errors.log
-
Then create log file manually
touch /var/log/php_errors.log chown www-data: /var/log/php_errors.log chmod +rw /var/log/php_errors.log
Now you can view PHP errors by this way
tail /var/log/php_errors.log
This is an agreeable solution to this issue for me.
answered Sep 7, 2012 at 23:13
2
You can also define a specific error log file for each VirtualHost in Apache. If you have any VirtualHost defined in /etc/apache2/sites-available/
and enabled in /etc/apache2/sites-enabled
(enable with sudo a2ensite [your-virtualhost-definition-file]
), you can change the error log by adding the following line inside your VirtualHost config:
ErrorLog ${APACHE_LOG_DIR}/[your-vhost]-error.log
That might be useful if you have a lot of vhosts and want to split where they report the errors.
Also, you can watch your error log live by issuing the following command (adapt to your own log file if different from the default):
sudo tail -f /var/log/apache2/error.log
This is particularly useful when doing live debugging.
Eliah Kagan
116k54 gold badges315 silver badges489 bronze badges
answered Jun 3, 2012 at 21:52
ywarnierywarnier
4414 silver badges4 bronze badges
1
If Apache was setup with Webmin/Virtualmin there is a separate folder for each VirtualHost.
It is
~/logs
folder for each VirtualHost user.
These are two files:
~/logs/access_log
and
~/logs/error_log
So they are
/home/onedomain/logs/access_log
/home/onedomain/logs/error_log
/home/anotherdomain/logs/access_log
/home/anotherdomain/logs/error_log
...
etc.
To view log files for each particular domain login as VirtualHost owner user of that hostname and run
tail -f ~/logs/error_log
answered Apr 1, 2018 at 12:18
IlyichIlyich
1413 bronze badges
If you use a bitnami distribution, it is at:
tail /opt/bitnami/apache2/logs/error_log
Bitnami distributions have their own directory structure. I had to find what it was for my server, and this is where it resides by default for bitnami. I would assume lots of people are looking for the same thing when using a bitnami distribution.
For more info see here: https://docs.bitnami.com/bch/infrastructure/lamp/troubleshooting/debug-errors-apache/
answered Oct 24, 2021 at 19:37
0
25 ноября, 2015 11:53 дп
16 097 views
| Комментариев нет
Ubuntu
Веб-сервер Apache может предоставлять администратору много полезной информации о своей работе, а также о проблемах и ошибках, которые нужно устранить.
Вовремя настроенное журналирование позволяет в дальнейшем избежать неожиданных проблем с веб-сервером. Информация, хранящаяся в логах (или журналах) сервера, помогает быстро оценить ситуацию и устранить ошибки. Apache предоставляет очень гибкий механизм журналирования.
Данное руководство знакомит с возможностями журналирования Apache и предназначенными для этого инструментами.
Примечание: В данном руководстве используется Apache2 на сервере Ubuntu 12.04, но инструкции подойдут и для других дистрибутивов.
Уровни логирования
Apache делит все уведомляющие сообщения на категории в зависимости от важности соощения.
Для этого существуют уровни логирования. К примеру, наиболее важные сообщения, уведомляющие о критических ошибках и сбоях, существует уровень emerg. А сообщения уровня info просто предоставляют полезные подсказки.
Существуют следующие уровни логирования:
- emerg: критическая ситуация, аварийный сбой, система находится в нерабочем состоянии.
- alert: сложная предаварийная ситуация, необходимо срочно принять меры.
- crit: критические проблемы, которые необходимо решить.
- error: произошла ошибка.
- warn: предупреждение; в системе что-то произошло, но причин для беспокойства нет.
- notice: система в норме, но стоит обратить внимание на её состояние.
- info: важная информация, которую следует принять к сведению.
- Debug: информация для отладки, которая может помочь определить проблему.
- trace[1-8]: Трассировка информации различных уровней детализации.
При настройке логирования задаётся наименее важный уровень, который нужно вносить в лог. Что это значит? Логи фиксируют указанный уровень логирования, а также все уровни с более высоким приоритетом. К примеру, если выбрать уровень error, логи будут фиксировать уровни error, crit, alert и emerg.
Для настройки уровня логирования существует директива LogLevel. Уровень логирования по умолчанию задан в стандартном конфигурационном файле:
sudo nano /etc/apache2/apache2.conf
. . .
LogLevel warn
. . .
Как видите, по умолчанию Apache вносит в лог сообщения уровня warn (и более приоритетных уровней).
Где находятся логи Apache?
Apache может разместить свои логи, используя общесерверные настройки ведения логов. Также можно настроить индивидуальное логирование для каждого отдельного виртуального хоста.
Общесерверные настройки логирования
Чтобы узнать, где находятся стандартные логи сервера, откройте конфигурационный файл. В Ubuntu это /etc/apache2/apache2.conf:
sudo nano /etc/apache2/apache2.conf
Найдите в файле строку:
ErrorLog ${APACHE_LOG_DIR}/error.log
Данная директива указывает на расположение лога, в котором Apache хранит сообщения об ошибках. Как видите, для получения префикса пути к каталогу используется переменная среды APACHE_LOG_DIR.
Чтобы узнать значение переменной APACHE_LOG_DIR, откройте файл envvars:
sudo nano /etc/apache2/envvars
. . .
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
. . .
Согласно этому файлу, переменная APACHE_LOG_DIR настроена на каталог /var/log/apache2. Это означает, что Apache соединит это значение с директивой в конфигурационном файле apache2.conf и будет вносить данные в лог /var/log/apache2/error.log.
sudo ls /var/log/apache2
access.log error.log other_vhosts_access.log
Как видите, тут находится лог ошибок error.log и несколько других логов.
Логирование виртуальных хостов
Файл access.log, упомянутый в конце предыдущего раздела, не настраивается в файле apache2.conf. Вместо этого разработчики поместили соответствующую директиву в файл виртуального хоста.
Откройте и просмотрите стандартный виртуальный хост:
sudo nano /etc/apache2/sites-available/default
Пролистайте файл и найдите следующие три значения, связанные с логированием:
. . .
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
. . .
Местонахождение ErrorLog совпадает с его определением в стандартном конфигурационном файле. Эта строка не обязательно должна находиться в двух отдельных файлах; при изменении местонахождения этого лога в одном из файлов ошибки не возникнет.
Пользовательские логи
В предыдущем разделе строка, описывающая access.log, использует не такую директиву, как предыдущие строки для настройки логов. Она использует CustomLog:
CustomLog ${APACHE_LOG_DIR}/access.log combined
Эта директива имеет такой синтаксис:
CustomLog log_location log_format
В данном случае log_format (формат логов) является комбинированным (combined). Эта спецификация не является внутренней спецификацией Apache; она задаёт пользовательский формат, который определен в конфигурационном файле по умолчанию.
Снова откройте конфигурационный файл по умолчанию и найдите строку, определяющую формат combined:
sudo nano /etc/apache2/apache2.conf
. . .
LogFormat "%h %l %u %t "%r" %>s %O "{Referer}i" "%{User-Agent}i"" combined
. . .
Команда LogFormat определяет пользовательский формат логов, вызываемых директивой CustomLog.
Этот формат называется комбинированным (combined).
Примечание: Подробнее о доступных форматах можно узнать здесь.
Существует еще несколько распространённых форматов, которые можно использовать в определении виртуальных хостов. Можно также создавать свои собственные форматы.
Ротация логов Apache
Ротация логов – это процесс, подразумевающий отключение устаревших или слишком объёмных лог-файлов и их архивирование (на установленный период времени). Apache может вносит в лог довольно большие объёмы данных, следовательно, во избежание заполнения дискового пространства необходимо настроить ротацию логов.
Ротация логов может быть очень простой (как, например, отключение слишком больших логов), а может иметь и более сложную конфигурацию (то есть, функционировать как система архивирования и хранения старых логов).
Рассмотрим методы настройки ротации логов Apache.
Ротация логов вручную
Перемещать логи во время работы Apache нельзя. То есть, чтобы переместить в архив устаревшие или заполненные логи и заменить их новыми, нужно перезапустить сервер.
Это можно сделать вручную. Для этого нужно переместить устаревшие файлы, а затем, перезапустив Apache, обновить настройки веб-сервера и заставить его использовать новые логи.
Ниже приведён пример из документации Apache. Возможно, понадобится добавить в начало этих команд sudo.
mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
[post-processing of log files]
Эти команды переместят файлы, перезапустят сервер и скажут ему подождать 600 секунд. Таким образом Apache сможет использовать старые лог-файлы, чтобы завершить регистрацию старых запросов. В течение этого времени новые запросы будут записаны в новые лог-файлы.
Имейте в виду: ротация логов вручную очень ненадёжна в больших серверных средах.
Утилита logrotate
По умолчанию система Ubuntu настраивает ротацию логов при помощи утилиты logrotate.
Данная программа может выполнять ротацию логов при соблюдении определенных критериев. Просмотреть события, включающие Logrotate для ротации логов, можно в файле /etc/logrotate.d/apache2:
sudo nano /etc/logrotate.d/apache2
В нём находится несколько параметров logrotate. Обратите внимание на первую строку:
/var/log/apache2/*.log {
Это значит, что logrotate будет выполнять ротацию только тех логов, которые находятся в /var/log/apache2. Имейте это в виду, если вы выбрали другой каталог для хранения в конфигурации Apache.
Как видите, логи ротируются еженедельно. Также тут есть раздел кода, перезапускающий Apache после ротации:
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
Эти строки автоматически перезапускают веб-сервер Apache после завершения ротации.
Примечание: К сожалению, настройки данного файла не охвачены в данном руководстве.
Ротация логов по каналам
Использование каналов вместо файлов – простой способ передать обработку вывода программе логирования. Это также решает проблему ротации логов, поскольку ротация может выполняться с помощью программы на серверной стороне (а не самим сервером Apache).
Чтобы логи обрабатывались программой логирования, принимающей стандартный вывод, замените следующую строку следующим образом:
CustomLog "| logging_program logging_program_parameters" combined
Apache запустит программу логирования во время загрузки и перезапустит её в случае ошибки или сбоя.
Для ротации логов можно использовать разные программы, но по умолчанию Apache поставляется с rotatelogs. Чтобы настроить эту программу, используйте:
CustomLog "| /path/to/rotatelog /path/of/log/to/rotate number_of_seconds_between_rotations" log_level
Аналогичную конфигурацию можно создать и для других программ.
Заключение
Конечно, это руководство охватывает только основы логирования Apache.
Правильная настройка механизмов логирования и разумное управление лог-файлами сэкономят немало времени и сил в случае возникновения проблем с сервером. Имея быстрый доступ к информации, которая поможет определить проблемы, можно в кратчайшие сроки исправить все ошибки.
Также очень важно следить за логами сервера, чтобы случайно не подвергнуть опасности конфиденциальную информацию.
Tags: Apache, Apache 2, Logrotate, Ubuntu 12.04
At the time of writing, the Apache HTTP server is
used by 30.8% of all web
servers in operation. If you’re responsible for managing any system that
utilizes Apache, then you will surely interact with its logging infrastructure
on a regular basis. This tutorial will introduce you to logging in Apache and
how it can help you diagnose, troubleshoot, and quickly resolve any problem you
may encounter on your server.
You will learn where logs are stored, how to access them, and how to customize
the log output and location to fit your needs. You will also learn how to
centralize Apache logs in a log management system for easier tracing, searching,
and filtering of logs across your entire stack.
🔭 Want to centralize and monitor your Apache logs?
Head over to Logtail and start ingesting your logs in 5 minutes.
Prerequisites
To follow through with this tutorial, you should set up a Linux server that
includes a non-root user with sudo
privileges. Additionally, you also need the
Apache HTTP server installed and enabled on the server, which can be done by
executing the relevant commands below.
On Debian-based distributions like Ubuntu:
sudo systemctl enable apache2
sudo systemctl start apache2
On RHEL, Fedora or CentOS:
sudo systemctl enable httpd
sudo systemctl start httpd
Please note that the rest of the commands, directory configurations, and
conventions used in this tutorial pertain to Debian-based distributions like
Ubuntu. Still, the concepts remain the same for other distributions.
Step 1 — Getting started with Apache logging
Apache logs are files that record everything the Apache web server is doing for
later analysis by the server administrator. The records of all Apache events are
placed in two different text files:
- Access Log: this file stores information about incoming requests. You’ll
find details about each request such as the requested resource, response
codes, time taken to generate the response, IP address of the client, and
more. - Error Log: this file contains diagnostic information about any errors were
encountered while processing requests.
Step 2 — Locating the Apache log files
The log files’ location depends on the operating system the Apache web server is
running. On Debian-based operating systems like Ubuntu, the access log file is
located in /var/log/apache2/access.log
. On CentOS, RHEL, or Fedora, the access
log file is stored in /var/log/httpd/access_log
.
A typical access log entry might look like this:
::1 - - [13/Nov/2020:11:32:22 +0100] "GET / HTTP/1.1" 200 327 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
Similarly, the error log file is located in /var/log/apache2/error.log
on
Debian-based systems and /var/log/httpd/error_log
on CentOS, RHEL, or Fedora.
A typical error log entry might look like this:
[Thu May 06 12:03:28.470305 2021] [php7:error] [pid 731] [client ::1:51092] script '/var/www/html/missing.php' not found or unable to stat
In the next section, we’ll discuss how to view these log files from the command
line.
Step 3 — Viewing Apache Log files
One of the most common ways to view an Apache log file is through the tail
command which prints the last 10 lines from a file. When the -f
option is
supplied, the command will watch the file and output its contents in real-time.
sudo tail -f /var/log/apache2/access.log
You should observe the following output on the screen:
. . .
198.54.132.137 - - [04/Feb/2022:11:34:04 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:04 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:04 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:05 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:06 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:06 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:07 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:07 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
To view the entire contents of the file, you can use the cat
command or open
the file in a text editor like nano
or vim
:
cat /var/log/apache2/access.log
You may also want to filter the log entries in the log file by a specific term.
In such cases, you should use the grep
command. The first argument to grep
is the term you want to search for, while the second is the log file that will
be searched. In example below, we are filtering all the lines that contain the
word GET
:
sudo grep GET /var/log/apache2/access.log
This should present the following output:
. . .
198.54.132.137 - - [04/Feb/2022:11:34:04 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:04 +0000] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:05 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:06 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:06 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:07 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
198.54.132.137 - - [04/Feb/2022:11:34:07 +0000] "GET / HTTP/1.1" 200 3476 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
Step 4 — Examining Apache access log formats
The access log records all requests that are processed by the server. You can
see what resources are being requested, the status of each request, and how long
it took to process their response. In this section, we’ll dive deeper into how
to customize the information that is displayed in this file.
Before you can derive value from reading a log file, you need to understand the
format that is being used for each of its entries. The CustomLog
directive is
what controls the location and format of the Apache access log file. This
directive can be placed in the server configuration file
(/etc/apache2/apache2.conf
) or in your virtual host entry. Note that defining
the same CustomLog
directive in both files may cause problems.
Let’s look at the common formats used in Apache access logs and what they mean.
Common Log Format
The Common Log Format
is the standardized access log format format used by many web servers because it
is easy to read and understand. It is defined in the /etc/apache2/apache2.conf
configuration file through the LogFormat
directive.
When you run the command below:
sudo grep common /etc/apache2/apache2.conf
You will observe the following output:
LogFormat "%h %l %u %t "%r" %>s %O" common
The line above defines the nickname common
and associates it with a particular
log format string. A log entry produced by this format will look like this:
127.0.0.1 alice Alice [06/May/2021:11:26:42 +0200] "GET / HTTP/1.1" 200 3477
Here’s an explanation of the information contained in the log message above:
%h
->127.0.0.1
: the hostname or IP address of the client that made the
request.%l
->alice
: remote log name (name used to log in a user). A placeholder
value (-
) will be used if it is not set.%u
->Alice
: remote username (username of logged-in user). A placeholder
value (-
) will be used if it is not set.%t
->[06/May/2021:11:26:42 +0200]
: the day and time of the request."%r"
->"GET / HTTP/1.1"
— the request method, route, and protocol.%>s
->200
— the response code.%O
->3477
— the size of the response in bytes.
Combined Log Format
The Combined Log Format
is very similar to the Common log format but contains few extra pieces of
information.
It’s also defined in the /etc/apache2/apache2.conf
configuration file:
sudo grep -w combined /etc/apache2/apache2.conf
You will observe the following output:
LogFormat "%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"" combined
Notice that it is exactly the same as the Common Log Format, with the addition
of two extra fields. Entries produced in this format will look like this:
127.0.0.1 alice Alice [06/May/2021:11:18:36 +0200] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
Here’s an explanation of the two additional fields that are not present in the
Common log format:
"%{Referer}i"
->"-"
: the URL of the referrer (if available, otherwise
-
is used)."%{User-Agent}i"
->
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
:
detailed information about the user agent of the client that made the request.
Step 5 — Creating a custom log format
You can define a custom log format in the /etc/apache2/apache2.conf
file by
using the LogFormat
directive followed by the actual format of the output and
a nickname that will be used as an identifier for the format. After defining the
custom format, you’ll pass its nickname to the CustomLog
directive and restart
the apache2
service.
In this example, we will create a log format named custom
that looks like
this:
LogFormat "%t %H %m %U %q %I %>s %O %{ms}T" custom
Open your /etc/apache2/apache2.conf
file and place the line above below the
other LogFormat
lines. It will produce access log entries with the following
details:
%t
: date and time of the request.%H
: the request protocol.%m
: the request method.%U
: the URL path requested.%q
: query parameters (if any).%I
: total bytes received including the request headers.%>s
: final HTTP status code.%O
: number of bytes sent in the response.%{ms}T
: time taken to generate the response in milliseconds.
You can find all other formatting options and their description on
this page.
To enable the custom format for subsequent access log entries, you must change
the value of the CustomLog
directive in your virtual hosts file and restart
the apache2
service with Systemctl.
Open up the default virtual hosts file using the command below:
sudo nano /etc/apache2/sites-available/000-default.conf
Find the following line:
CustomLog ${APACHE_LOG_DIR}/access.log combined
And change it to:
CustomLog ${APACHE_LOG_DIR}/access.log combined
Save the file by pressing Ctrl-O
then Ctrl-X
, then restart the apache2
service using the command below:
sudo systemctl restart apache2
Afterward, make the following request to your server using curl
:
curl --head 'http://<your_server_ip>?name=john&age=30'
You should observe the following response:
HTTP/1.1 200 OK
Date: Mon, 07 Feb 2022 14:21:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 07 Feb 2022 12:57:29 GMT
ETag: "2aa6-5d76d24a738bc"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Content-Type: text/html
Go ahead and view the last 10 messages in the access log file:
sudo tail /var/log/apache2/access.log
The log entry that describes the request will look like this:
[07/Feb/2022:14:21:45 +0000] HTTP/1.1 HEAD /index.html ?name=john&age=30 96 200 255 0
It’s also possible to create multiple access log files by specifying the
CustomLog
directive more than once. In the example below, the first line logs
into a custom.log
file using the custom
log format, while the second uses
the common
format to write entries into access.log
. Similarly, the
combined.log
file contains messages formatted according to the combined
log
format.
CustomLog ${APACHE_LOG_DIR}/custom.log custom
CustomLog ${APACHE_LOG_DIR}/access.log common
CustomLog ${APACHE_LOG_DIR}/combined.log combined
Step 6 — Formatting your logs as JSON
Although many log management systems support the default Apache logging formats,
it might be best to log in a structured format like JSON since that’s the go-to
format for structured logging in the industry and it is universally supported.
Here’s a conversion of our custom
log format into JSON:
LogFormat "{ "timestamp":"%t", "protocol":"%H", "method":"%m", "request":"%U", "query":"%q", "request_size_in_bytes":"%I", "status_code":"%>s", "response_size_in_bytes":"%O", "time_taken_ms":"%{ms}T" }" json
This produces log entries with the following formatting:
{
"timestamp": "[07/Feb/2022:15:09:02 +0000]",
"protocol": "HTTP/1.1",
"method": "HEAD",
"request": "/index.html",
"query": "?name=john&age=30",
"request_size_in_bytes": "96",
"status_code": "200",
"response_size_in_bytes": "255",
"time_taken_ms": "0"
}
Step 7 — Configuring Apache error logs
The server error log contains information about any errors that the web server
encountered while processing incoming requests as well as other diagnostic
information. You can choose where the error messages will be transported to
using the ErrorLog
directive in your virtual host configuration file. This
transport is usually a log file on the filesystem.
Here is an example from default virtual host configuration file
/etc/apache2/sites-available/000-default.conf
:
ErrorLog ${APACHE_LOG_DIR}/error.log
On Debian-based distributions, the default error log is in the
/var/log/apache2/error.log
file, while in Fedora/CentOS/RHEL, it placed in the
/var/log/httpd/error_log
file. If the path argument to ErrorLog
is not
absolute, then it is assumed to be relative to the
ServerRoot.
A common practice is to monitor the error log continuously for any problems
during development or testing. This is easily achieved through the tail
command:
sudo tail -f /var/log/apache2/error.log
You will observe the following output:
[Mon Feb 07 13:03:43.445444 2022] [core:notice] [pid 10469:tid 140561300880448] AH00094: Command line: '/usr/sbin/apache2'
[Mon Feb 07 13:07:31.528850 2022] [mpm_event:notice] [pid 10469:tid 140561300880448] AH00491: caught SIGTERM, shutting down
[Mon Feb 07 13:07:31.626878 2022] [mpm_event:notice] [pid 10864:tid 140224997284928] AH00489: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
[Mon Feb 07 13:07:31.626980 2022] [core:notice] [pid 10864:tid 140224997284928] AH00094: Command line: '/usr/sbin/apache2'
[Mon Feb 07 13:13:25.966501 2022] [mpm_event:notice] [pid 10864:tid 140224997284928] AH00491: caught SIGTERM, shutting down
[Mon Feb 07 13:13:26.049222 2022] [mpm_event:notice] [pid 11268:tid 139760377875520] AH00489: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
[Mon Feb 07 13:13:26.049318 2022] [core:notice] [pid 11268:tid 139760377875520] AH00094: Command line: '/usr/sbin/apache2'
[Mon Feb 07 15:08:50.856388 2022] [mpm_event:notice] [pid 11268:tid 139760377875520] AH00491: caught SIGTERM, shutting down
[Mon Feb 07 15:08:50.940561 2022] [mpm_event:notice] [pid 12096:tid 140473452194880] AH00489: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
[Mon Feb 07 15:08:50.940669 2022] [core:notice] [pid 12096:tid 140473452194880] AH00094: Command line: '/usr/sbin/apache2'
Aside from logging directly to a file, you can also forward your logs to a
Syslog. You can do this by
specifying syslog
instead of a file path as the argument to ErrorLog
:
Step 8 — Customizing the error log format
Like the Apache access logs, the format of the error messages can be controlled
through the ErrorLogFormat
directive, which should be placed in the main
config file or virtual host entry. It looks like this:
ErrorLogFormat "[%{u}t] [%l] [pid %P:tid %T] [client %a] %M"
The above configuration produces a log entry in the following format:
[Mon Feb 07 15:52:57.234792 2022] [error] [pid 24372:tid 24507] [client 20.113.27.135:34579] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
Here’s an explanation of the formatting options used above:
%{u}t
: the current time, including microseconds. %l
: the log level of the
message. %P
: the process identifier. %T
: the thread identifier. %a
: the
client IP address. %M
: the actual log message.
Note that when the data for a formatting option is not available in a particular
event, it will be omitted from the log entirely as the Apache error log doesn’t
use placeholder values for missing parameters.
You can find a complete description of all the available error formatting
options in the
Apache docs.
Step 9 — Customizing the error log level
In the virtual host configuration file, you can also control the level of
messages that will be entered into the error log through the
LogLevel directive.
When you specify a particular value, messages from all other levels of higher
severity will be logged as well. For example, when LogLevel error
is
specified, messages with a severity of crit
, alert
, and emerg
will also be
logged.
These are the levels available in increasing order of severity:
trace1
—trace8
: trace messages (lowest severity).debug
: messages used for debugging.info
: informational messages.notice
: normal but significant conditions.warn
: warnings.error
: error conditions that doesn’t necessarily require immediate action.crit
: critical conditions that requires prompt action.alert
: errors that require immediate action.emerg
: system is unusable.
If the LogLevel
directive is not set, the server will set the log level to
warn
by default.
Step 10 — Centralizing your Apache logs
Storing your Apache logs on the filesystem may suffice for development
environments or single-server deployments, but when multiple servers are
involved, it may be more convenient to centralize all your logs in a single
location so that you can automatically parse, filter, and search log data from
all sources in real-time.
In this section, we’ll demonstrate how you can centralize your Apache logs in a
log management service through Vector,
a high-performance tool for building observability pipelines. The following
instructions assume that you’ve signed up for a free
Logtail account and retrieved your source
token.
Go ahead and follow the relevant
installation instructions for Vector
for your operating system. On Ubuntu, you may run the following commands to
install the Vector CLI:
curl -1sLf 'https://repositories.timber.io/public/vector/cfg/setup/bash.deb.sh' | sudo -E bash
After Vector is installed, confirm that it is up and running through
systemctl
:
You should observe that it is active and running:
● vector.service - Vector
Loaded: loaded (/lib/systemd/system/vector.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-02-08 10:52:59 UTC; 48s ago
Docs: https://vector.dev
Process: 18586 ExecStartPre=/usr/bin/vector validate (code=exited, status=0/SUCCESS)
Main PID: 18599 (vector)
Tasks: 3 (limit: 2275)
Memory: 6.8M
CGroup: /system.slice/vector.service
└─18599 /usr/bin/vector
Otherwise, go ahead and start it with the command below.
sudo systemctl start vector
Afterwards, change into a root shell and append your Logtail vector
configuration for Apache into the /etc/vector/vector.toml
file using the
command below. Don’t forget to replace the <your_logtail_source_token>
placeholder below with your source token.
wget -O ->> /etc/vector/vector.toml
https://logtail.com/vector-toml/apache2/<your_logtail_source_token>
Then restart the vector
service:
sudo systemctl restart vector
You will observe that your Apache logs will start coming through in Logtail:
Conclusion
In this tutorial, you learned about the different types of logs that the Apache
web server stores, where you can find those logs, and how to view their
contents. We also discussed Apache access and error log formatting and how to
create your custom log formats, including a structured JSON format. Finally, we
considered how you can manage all your Apache logs in one place by using the
Vector CLI to stream each entry to a log management service.
Don’t forget to read the docs to
find out more about all the logging features that Apache has to offer. Thanks
for reading!
Centralize all your logs into one place.
Analyze, correlate and filter logs with SQL.
Create actionable
dashboards.
Share and comment with built-in collaboration.
Got an article suggestion?
Let us know
Next article
How to View and Configure NGINX Access & Error Logs
Learn how to view and configure nginx access and error logs
→
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
1. Overview
The Linux operating system, and many applications that run on it, do a lot of logging. These logs are invaluable for monitoring and troubleshooting your system.
What you’ll learn
- Viewing logs with a simple GUI tool
- Basic command-line commands for working with log files
What you’ll need
- Ubuntu Desktop or Server
- Very basic command-line knowledge (
cd
,ls
, etc.)
Originally authored by Ivan Fonseca.
How will you use this tutorial?
-
Only read through it
Read it and complete the exercises
What is your current level of experience?
-
Novice
Intermediate
Proficient
2. Log files locations
There are many different log files that all serve different purposes. When trying to find a log about something, you should start by identifying the most relevant file. Below is a list of common log file locations.
System logs
System logs deal with exactly that — the Ubuntu system — as opposed to extra applications added by the user. These logs may contain information about authorizations, system daemons and system messages.
Authorization log
Location: /var/log/auth.log
Keeps track of authorization systems, such as password prompts, the sudo
command and remote logins.
Daemon Log
Location: /var/log/daemon.log
Daemons are programs that run in the background, usually without user interaction. For example, display server, SSH sessions, printing services, bluetooth, and more.
Debug log
Location: /var/log/debug
Provides debugging information from the Ubuntu system and applications.
Kernel log
Location: /var/log/kern.log
Logs from the Linux kernel.
System log
Location: /var/log/syslog
Contains more information about your system. If you can’t find anything in the other logs, it’s probably here.
Application logs
Some applications also create logs in /var/log
. Below are some examples.
Apache logs
Location: /var/log/apache2/
(subdirectory)
Apache creates several log files in the /var/log/apache2/
subdirectory. The access.log
file records all requests made to the server to access files. error.log
records all errors thrown by the server.
X11 server logs
Location: /var/log/Xorg.0.log
The X11 server creates a seperate log file for each of your displays. Display numbers start at zero, so your first display (display 0) will log to Xorg.0.log
. The next display (display 1) would log to Xorg.1.log
, and so on.
Non-human-readable logs
Not all log files are designed to be read by humans. Some were made to be parsed by applications. Below are some of examples.
Login failures log
Location: /var/log/faillog
Contains info about login failures. You can view it with the faillog
command.
Last logins log
Location: /var/log/lastlog
Contains info about last logins. You can view it with the lastlog
command.
Login records log
Location: /var/log/wtmp
Contains login info used by other utilities to find out who’s logged in. To view currently logged in users, use the who
command.
This is not an exhaustive list!
You can search the web for more locations relevant to what you’re trying to debug. There is also a longer list here.
3. Viewing logs using GNOME System Log Viewer
The GNOME System Log Viewer provides a simple GUI for viewing and monitoring log files. If you’re running Ubuntu 17.10 or above, it will be called Logs. Otherwise, it will be under the name System Log.
System Log Viewer interface
The log viewer has a simple interface. The sidebar on the left shows a list of open log files, with the contents of the currently selected file displayed on the right.
The log viewer not only displays but also monitors log files for changes. The bold text (as seen in the screenshot above) indicates new lines that have been logged after opening the file. When a log that is not currently selected is updated, it’s name in the file list will turn bold (as shown by auth.log
in the screenshot above).
Clicking on the cog at the top right of the window will open a menu allowing you to change some display settings, as well as open and close log files.
There is also a magnifying glass icon to the right of the cog that allows you to search within the currently selected log file.
More information
If you wish to learn more about the GNOME System Log Viewer, you may visit the official documentation.
4. Viewing and monitoring logs from the command line
It is also important to know how to view logs in the command line. This is especially useful when you’re remotely connected to a server and don’t have a GUI.
The following commands will be useful when working with log files from the command line.
Viewing files
The most basic way to view files from the command line is using the cat
command. You simply pass in the filename, and it outputs the entire contents of the file: cat file.txt
.
This can be inconvenient when dealing with large files (which isn’t uncommon for logs!). We could use an editor, although that may be overkill just to view a file. This is where the less
command comes in. We pass it the filename (less file.txt
), and it will open the file in a simple interface. From here, we can use the arrow keys (or j/k if you’re familiar with Vim) to move through the file, use /
to search, and press q
to quit. There are a few more features, all of which are described by pressing h
to open the help.
Viewing the start or end of a file
We may also want to quickly view the first or last n
number of lines of a file. This is where the head
and tail
commands come in handy. These commands work much like cat
, although you can specify how many lines from the start/end of the file you want to view. To view the first 15 lines of a file, we run head -n 15 file.txt
, and to view the last 15, we run tail -n 15 file.txt
. Due to the nature of log files being appended to at the bottom, the tail
command will generally be more useful.
Monitoring files
To monitor a log file, you may pass the -f
flag to tail
. It will keep running, printing new additions to the file, until you stop it (Ctrl + C). For example: tail -f file.txt
.
Searching files
One way that we looked at to search files is to open the file in less
and press /
. A faster way to do this is to use the grep
command. We specify what we want to search for in double quotes, along with the filename, and grep
will print all the lines containing that search term in the file. For example, to search for lines containing “test” in file.txt
, you would run grep "test" file.txt
.
If the result of a grep
search is too long, you may pipe it to less
, allowing you to scroll and search through it: grep "test" file.txt | less
.
Editing files
The simplest way to edit files from the command line is to use nano
. nano
is a simple command line editor, which has all the most useful keybindings printed directly on screen. To run it, just give it a filename (nano file.txt
). To close or save a file, press Ctrl + X. The editor will ask you if you want to save your changes. Press y
for yes or n
for no. If you choose yes, it will ask you for the filename to save the file as. If you are editing an existing file, the filename will already be there. Simply leave it as it is and it will save to the proper file.
5. Conclusion
Congratulations, you now have enough knowledge of log file locations, usage of the GNOME System Log Viewer and basic command line commands to properly monitor and trouble-shoot problems that arise on your system.
Further reading
- The Ubuntu Wiki has an article that goes more in-depth into Ubuntu log files.
- This DigitalOcean Community article covers viewing Systemd logs
Was this tutorial useful?
Thank you for your feedback.