Log files are necessary components of any software. Especially in a web-server like Apache, it can come in very handy to know the statistics of visiting clients, security auditing and checking the errors.
Ibmi Media helps online businesses deliver reliable web services. In our web server management service, customized log configuration is used to enable quick troubleshooting. Today, we will discuss the four directives used for Apache logging and see what security features should be ensured of logging.
All the following directives are found in Apache configuration file httpd.conf.
1. ErrorLog – Specifies the location of the error log.
Usually it is located at /etc/httpd/logs/error_log. You can change it to any custom path but make sure the file has read and write permissions for root and no one else.
Example:
ErrorLog logs/error_log
2. LogLevel – This specifies what kind of information will Apache log.
There are 8 levels in it that is Emergency, Alert, Critical, Error, Warning, Notice, Information and Debug. The default level set up is Warn. It cannot be modified to give any custom errors but whenever you change the log level all the higher levels are also logged. For debugging purpose, we can use log level of Debug.
Example:
LogLevel Warn
3. LogFormat – When you are interested to know from where client connections are coming, what type of browsers are being used to access your sites and the referring URL's, you need log format.
This can be useful when your site is say browser dependent and you want to know which browser is used more to access your website.
Log Format are of access, agent and referrer type. “Combined” is used to have them all.
Combined LogFormat looks like the following:
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
where:
%h logs the remote host that is the IP address and the hostname if HostnameLookups is set to On.
%l logs identity of client. This is a unreliable information.
%u userid of the user requesting the document
%t date and time of the request
%r is the request line such as “”GET /gifts.html HTTP/2.0″”
%s this is the status code that the server sends back to the client. This is displayed in a web-page is not displayed correctly.
%b this is the size of the response in bytes.
Referrer is the page which has a link to the page gifts.html
User-Agent informs about the client browser.
4. CustomLog – This gives us the path to the access log and states the type of access log that is access, agent, referrer or combined.
Example:
CustomLog logs/access_log combined
The Apache access logs stores information about events that occurred on your #Apache web #server. Apache web servers also provide administrators with another type of log file called error logs.
The Apache error log has a logging level that filters the messages sent to the log. Apache #logs nothing for a single page request in warn level.
This log file is used to provide more information regarding a particular error that has occurred on the web server.
By default, you can find the Apache #access log file at the following path:
i. /var/log/apache/access. log.
ii. /var/log/apache2/access. log.
iii. /etc/httpd/logs/access_log.
To enable the Apache #HTTP access logs:
1. Open the Apache HTTP configuration at /Applications/MAMP/conf/apache/httpd.conf.
2. Find this line.
3. Change the line.
4. Restart Apache using the MAMP widgit.
5. Now, view your new logfiles!