Description: Log is an extremely important thing for Developer and System Administrator to troubleshoot any issue. Here I have explained how to setup Apache log and different options to get more details from Apache
For instance, when someone visits your website, a log is recorded and stored to provide the Apache webserver administrator with information such as the IP address of the visitor, what pages they were viewing, status codes, browser used, etc.
How to setup Access log file for Apache
- Open HTTP configuration file [Located on /etc/httpd/conf/httpd.conf] and paste below configuration
# vi /etc/httpd/conf/httpd.confLogFormat "%h %t \"%r\" %>s %b %O %T/%D \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
- After saving configuration restart Apache service
%% The percent sign%a Remote IP-address%A Local IP-address%B Size of response in bytes, excluding HTTP headers.%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.%{Foobar}C The contents of cookie Foobar in the request sent to the server.%D The time taken to serve the request, in microseconds.%{FOOBAR}e The contents of the environment variable FOOBAR%f Filename%h Remote host%H The request protocol%{Foobar}i The contents of Foobar: header line(s) in the request sent to the server.%l Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set On.%m The request method%{Foobar}n The contents of note Foobar from another module.%{Foobar}o The contents of Foobar: header line(s) in the reply.%p The canonical port of the server serving the request%P The process ID of the child that serviced the request.%{format}P The process ID or thread id of the child that serviced the request. Valid formats are pid, tid, and hextid. hextid requires APR 1.2.0 or higher.%q The query string (prepended with a ? if a query string exists, otherwise an empty string)%r First line of request%s Status. For requests that got internally redirected, this is the status of the *original* request --- %>s for the last.%t Time the request was received (standard english format)%{format}t The time, in the form given by format, which should be in strftime(3) format. (potentially localized)%T The time taken to serve the request, in seconds.%u Remote user (from auth; may be bogus if return status (%s) is 401)%U The URL path requested, not including any query string.%v The canonical ServerName of the server serving the request.%V The server name according to the UseCanonicalName setting.%X Connection status when response is completed:X = connection aborted before the response completed.+ = connection may be kept alive after the response is sent.- = connection will be closed after the response is sent.(This directive was %c in late versions of Apache 1.3, but this conflicted with the historical ssl %{var}c syntax.)%I Bytes received, including request and headers, cannot be zero. You need to enable mod_logio to use this.%O Bytes sent, including headers, cannot be zero. You need to enable mod_logio to use this.
104.244.168.11 [19/Nov/2020:10:56:24 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 400 278 473 **60/60059969** "http://104.211.139.152:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
103.251.217.65 [19/Nov/2020:11:01:20 +0000] "GET /favicon.ico HTTP/1.1" 502 341 573 **60/60043967** "http://104.211.139.152/balancer-manager" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
%h = Requestor IP/address%t = Date time of the request%r = Request type and resource being requested%s = HTTP response status code%b = Size of response in bytes, excluding HTTP headers%O = Size of object returned%T = The time taken to serve the request, in seconds Response time%D = The time taken to serve the request, in microsecond