|Your Daily Source for Apache News and Information|
|Breaking News||Preferences||Contribute||Triggers||Link Us||Search||About|
Apache comes with built-in mechanisms for logging activity on your server. In this series of articles, I'll talk about the standard way that Apache writes log files, and some of the tricks for getting more useful information and statistics out of your server.
This week we'll talk about the information that appears in your transfer log, and what it all means.
If you have done a default installation of Apache, when you run your server, two log files will get written. These files are called
126.96.36.199 - - [19/Aug/2000:14:47:37 -0400] "GET / HTTP/1.0" 200 654
This line contains 7 pieces of information. Actually, two of them are blank in this example, but there is space for 7 pieces of information.
The first piece of information is the address of the remote host. That is, who is looking at your web site. In the example above, the host visiting my web site is
By default, this address is just the IP address of the remote host. You can tell Apache to look up all the host names, and put those host names in the log instead of the IP address. This is probably not a good idea, since it greatly slows down the logging process, and so slows down your entire server. And there are various tools that will go through your log after the fact, and resolve all the IP addresses to host names, so there's no real advantage to doing this anyway.
But, if you want to, you can tell Apache to do these lookups with the directive:
The second slot, alas, is blank, and almost always will be. That's what that ``-'' is: a place-holder for the second piece of information. That is the location where you're supposed to get the identity of the visitor. That's not just their login name, but their email address, or other unique identifier. This information is supposed to be returned by
The third piece of information is also blank. The information that would appear there is the username with which the visitor authenticated. This will appear, of course, only when you have required authentication for a particular resource. So for the majority of entries in your log file, for most sites, this will be blank.
Next we have the time when the request was made. This information is enclosed in square brackets, and is in what is called ``common log format'', or ``standard english format.'' So the request in the above example was made at 14:47:37 on Saturday, August 19. The
The next piece of information is probably the most useful piece of information in the record. It tells what request was actually made of the server. This is typically in the format
In the example above, the
The sixth piece of information is a status code. This tells you whether the request was successful, or encountered some problem. Most of the time, this is
The seventh and final piece of information is the total number of bytes that were transferred to the client. This can tell you if a transfer was interrupted (if the number is different from the size of the file). Adding them up will tell you how much data your server transferred in a day, or week, or whatever.
CustomLog /usr/local/apache/logs/access_log common
Note: If you're running an older version of Apache, this line might look a little different. It might be the
The path specified there is the location of the log file. Note that this location should be secured against random users writing to it, since the log file is opened by the HTTP user (specified with the
In my next few articles, I'll be talking about the following subjects: Custom log format. Logging to a process, rather than to a file. The error log. Getting useful statistics out of your log files. And whatever else you fine readers suggest to me.
Thanks for reading. Please send me a note at if you have any suggestions or comments.
Want to discuss log files with other Apache Today readers? Then check out the PHP discussion at Apache Today Discussions.
|About Triggers||Media Kit||Security||Triggers||Login|
All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4