Today, using Apache on a Linux system is the standard setup and we as server engineers often need to read its access logs. This blog post briefly explains how to read it.
Sample
[root@test-aws-harukainoue httpd]# tail access_log
xxx.xx.xx.xxx - - [11/May/2022:12:01:22 +0000] "GET / HTTP/1.0" 200 35 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36"The Apache configuration file is written in "/etc/httpd/conf/httpd.conf" by default.
Inside the configuration file, you see something like below:
LogFormat "%h %l %u %t \"%r\" %t %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "logs/access_log" combinedIt can be seen that the format 'combined' is set as the default. The logs are designed to be displayed according to this format.
Format string | Description | Access log value | Note |
%h | IP address of remote host | xxx.xx.xx.xxx | |
%l | User name of the connection source | -(Not set) | This field is usually set to "-", but if mod_ident exists on the server and the IdentityCheck directive is set to If "mod_ident" exists on the server and the "IdentityCheck" directive is set to "On", the value will be output. |
%u | Remote user | -(Not set) | |
%t | Date and time accessed | 11/May/2022 12:01 | |
\"%r\" | Accessed file | Action = GET HTTP = protocol Resource = 1.0 | *Backslashes are indicated by '\'. |
%>s | Status code | 200(Normal) | |
%b | Amount of point sending for the resource | 35 bytes | |
\"%{Referer}i\" | URL of the access source | -(Not set) | The output shows whether the site was accessed directly from the URL or via some other website. |
\"%{User-Agent}i\" | What operating system and from which browser it accessed the site | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36 | OS = Linux Browser = Chrome |
A Quick Tips of Status Codes
Status codes are numbers (codes) that the web server and web browser use to communicate with each other's status.
200 = Successful request
301 = Requested page has been moved to another page.
302 = Temporarily moving to another page.
403 = No authorization to display the requested page.
404 = Requested page does not exist.
500 = Error occurred on the server-side.
This blog post is translated from a blog post written by Haruka Inoue on our Japanese website Beyond Co..
Comments