How to View Apache Access & Error Logs

January 7, 2019

Introduction

Apache is part of the LAMP stack of software for Linux (Linux, Apache, MySQL, PHP). Apache is responsible for serving web pages to people looking at your website.

The server grants access for visits to your website, and it keeps an access log. These records, or log files, can be a valuable source of information about your website, usage, and audience.

In this tutorial, you will learn how to view Apache access log files.

tutorial on how to view apache access and error logs

Prerequisites

  • A Linux system running Apache web services
  • A user account with root (sudo) access
  • Terminal window (Ctrl-Alt-T in Ubuntu, Alt-F2 in CentOS)

Viewing Apache Access Logs

Use cPanel to Download Raw Access Files

If you’re logged in to a web server with cPanel, you can download the Apache access logs through a graphical interface.

1. Look for the section labeled Metrics.

Where to find Apache log files in cPanel.

2. Click Raw Access. If archiving is enabled, raw Apache log files can be downloaded at the bottom of the page. They will look like standard hyperlinks, labeled for the website you’re managing.

How to download raw Apache logs.

Clicking the hyperlink will prompt you to save or open the file. These log files are compressed using gzip, so if you’re not using a Linux system, you might need a decompression tool. Save the file to a location of your liking.

3. Locate the file in your OS, then right-click > extract. A new file should appear without the .gz extension.

4. Right-click > edit to open the file in your favorite text editor to view the contents.

Using Terminal Commands to Display Local Access Logs

If you’re working on the machine that hosts Apache, or if you’re logged into that machine remotely, you can use the terminal to display and filter the contents of the access logs.

By default, you can find the Apache access log file at the following path:

  • /var/log/apache/access.log
  • /var/log/apache2/access.log
  • /etc/httpd/logs/access_log

Use the GUI or the terminal with the cd command to navigate your system to find where the logs are stored.

Step 1: Display the Last 100 Entries of the Access Log

In the terminal window, enter the following:

sudo tail -100 /var/log/apache2/access.log

The tail command tells the machine to read the last part of the file, and the -100 command directs it to display the previous 100 entries.

The final part, /var/log/apache2/access.log tells the machine where to look for the log file. If your log file is in a different place, make sure to substitute your machine’s path to the Apache log files.

Step 2: Display a Specific Term from Access Logs

Sometimes, you only want to display a specific type of entry in the log.  You can use the grep command to filter your report by certain keywords.

For example, enter the following into a terminal:

sudo grep GET /var/log/apache2/access.log

Like the previous command, this looks at the /var/log/apache2/access.log file to display the contents of the access log. The grep command tells the machine to only display entries with the GET request.

You can substitute other Apache commands as well. For example, if you’re looking to monitor access to .jpg images, you could substitute .jpg for GET. As before, use the actual path to your server’s log file.

How to View Apache Error Logs

In addition to the access log, you can use the previously mentioned terminal commands to view the error log.

Enter the following command in the terminal:

sudo tail -100 /var/log/apache2/error.log

If you found your access log file in another location, your error log file will be in the same location. Make sure you type the correct path.

Interpreting the Access Log in Apache

When you open your access log file for the first time, you may feel overwhelmed.

There’s a lot of information about HTTP requests, and some text editors (and the terminal) will wrap the text to the next line. This can make it confusing to read, but each piece of information is displayed in a specific order.

The conventional method for expressing the format of access log files is:

"%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i""

This is a code for the most common things in each line of the log.

Each % sign corresponds to a piece of information in the log:

  • %h – The client’s IP address (the source of the access request).
  • %l – This next entry may simply be a hyphen that means no information was retrieved. This is the result of checking identd on the client.
  • %u – Client’s userid, if the access request required http authentication.
  • %t – Timestamp of the incoming request.
  • %r – Request line that was used. This tells you the http method (GET, POST, HEAD, etc.), the path to what was requested, and the http protocol being used.
  • %>s – Status code that was returned from the server to the client.
  • %b – Size of the resource that was requested.
  • "%{Referer}i" – This tells you if the access came from clicking a link on another website, or other ways that the client was referred to your page.
  • "%{User-agent}i" – Tells you information about the entity making the request, such as web browser, operating system, website source (in the case of a robot), etc.

Just read across the line in your log file, and each entry can be decoded as above. If there is no information, the log will display a hyphen. If you’re working on a preconfigured server, your log file may have more or less information. You can also create a custom log format by using the custom log module.

For more information about decoding log formats, see this page.

How to Use Data in Apache Log Files

Apache log analysis gives you the opportunity to measure the ways that clients interact with your website.

For example, you might look at a timestamp to figure out how many access requests arrive per hour to measure traffic patterns. You could look at the user agent to find out if particular users are logging in to a website to access a database or create content. You could even track failed authentications to monitor various types of cybersecurity attacks against your system.

The apache error log can be used similarly. Often, it’s simply used to see how many 404 errors are being generated. A 404 error happens when a client requests a missing resource, and this can alert you on broken links or other errors within the page. However, it can also be used to find configuration glitches or even warnings about potential server problems.

Conclusion

This guide provided methods for extracting data to view Apache access log files.

The access.log file is an excellent resource for measuring the ways that clients are interacting with your server. The error.log file can help you troubleshoot issues with your website.

Was this article helpful?
YesNo
Sofija Simic
Sofija Simic is an experienced Technical Writer. Alongside her educational background in teaching and writing, she has had a lifelong passion for information technology. She is committed to unscrambling confusing IT concepts and streamlining intricate software installations.
Next you should read
Defend Against DoS & DDoS on Apache With mod_evasive
March 5, 2019

The mod_evasive tool is an Apache web services module that helps your server stay running in the event of an...
Read more
How to View & Read Linux Log Files
February 13, 2019

All Linux systems create and store information log files for boot processes, applications, and other events...
Read more
How to Start, Stop, or Restart Apache Server on CentOS 7
January 23, 2019

In this SIMPLE Updated Tutorial Learn How to restart, start, & stop Apache web server on the CentOS 7 Linux...
Read more
How To Prevent Brute Force Attacks With 8 Easy Tactics
December 3, 2018

A brute force attack is among the most straightforward and least sophisticated hacking method. As the name...
Read more