English translation
Apache HTTP Server Log Management and Monitoring
In the previous article, we explored how to configure the Apache2 service to start automatically at system boot. Today, we’ll delve deeper into Apache2 log management and monitoring—a critical topic, as log files not only help troubleshoot issues but also provide valuable statistics about website traffic and user behavior.
Overview of Apache2 Logging
By default, Apache2 writes two primary log files:
access.log: Records all incoming HTTP requests—including timestamps, client IP addresses, requested URLs, and more.error.log: Captures errors and warnings generated during server operation—essential for diagnosing failures.
These logs are typically stored in /var/log/apache2/. You can view them in real time using:
tail -f /var/log/apache2/access.log
or
tail -f /var/log/apache2/error.log
Configuring Log Files
You can customize log format and location by editing Apache’s main configuration file (e.g., /etc/apache2/apache2.conf) or individual virtual host configurations. For example:
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
Log Format
Apache supports flexible log formatting via the LogFormat directive. Here's a commonly used format definition:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
%h: Remote host IP address%l: Remote log name (usually-)%u: Remote user (as authenticated;-if unauthenticated)%t: Timestamp of the request%r: First line of the request (method + URL + protocol)%>s: Final HTTP status code returned to the client%b: Size of the response body in bytes (excluding headers)
Log Rotation
To prevent log files from growing indefinitely, use a log rotation tool like logrotate. The Apache2-specific rotation rules are usually defined in /etc/logrotate.d/apache2:
/var/log/apache2/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 640 www-data adm
}
This configuration rotates logs daily, retains 14 archived versions, compresses old logs (with compression delayed until the next rotation), skips rotation if the log is empty, and creates new log files with permissions 640 owned by www-data:adm.
Real-Time Log Monitoring
Real-time log monitoring enables rapid issue detection and live traffic analysis. For instance, to watch for 404 errors as they occur:
tail -f /var/log/apache2/access.log | grep "404"
This command streams matching entries—helping you quickly identify broken links or misconfigured resources.
Tools for Log Analysis
Several powerful tools simplify Apache log analysis:
-
GoAccess: A real-time, terminal-based log analyzer that generates interactive HTML reports.
Install GoAccess:
sudo apt-get install goaccessAnalyze access logs and generate an HTML report:
goaccess /var/log/apache2/access.log --log-format=COMBINED -o report.html -
AWStats: A Perl-based log analyzer that produces dynamic, web-accessible statistical reports.
Install AWStats:
sudo apt-get install awstatsConfiguration files reside in
/etc/awstats/. After adjusting settings per your needs, run AWStats manually or via cron to process logs and update reports.
Practical Example: Monitoring Traffic Volume Over Time
Suppose you want to extract all requests between 10:00 and 12:00 on January 1, 2023. Use awk to filter by timestamp:
awk '$4 >= "[01/Jan/2023:10:00:00" && $4 <= "[01/Jan/2023:12:00:00"' /var/log/apache2/access.log
This filters and displays only those log entries falling within the specified time window.
Closing Remarks
This article covered essential Apache2 log management and monitoring techniques—from basic log structure and configuration to real-time inspection and advanced analysis with dedicated tools. In upcoming articles, we’ll focus on securing Apache2—specifically configuring SSL/TLS and obtaining trusted certificates. Effective log management and monitoring lay the groundwork for proactive security: understanding your system’s behavior before hardening it ensures smarter, evidence-driven protection strategies.
Continue