Apache log secrets

24 02 2008

Previously I have shown my preferred methods of rotating log files here and here. But Apache also has a couple of hidden gotchas, and some enhancements that can be made, relating to logs.

Firstly, the logs are not in true chronological order: the time stamp records the start of the request, whilst the log entry is actually written when the request finishes. This means that long requests can be logged after short requests, and the time stamps will be out of sequence. This can mess with some log processors such as webalizer, which drops out-of-sequence requests by default. I have created a small utility called logsort which sorts out-of-order log files using minimal resources.

Another hiccup with Apache logging is that since 2.0 it logs how much data it would send, regardless of whether the transaction completes. This can be problematic if you are trying to figure out how much bandwidth a client is using based on the log files. Luckily there is a workaround in the form of mod_logio. Simply enable mod_logio (in most Linux distros this means un-commenting it in httpd.conf), then look for your log line, which will be something like:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

and change it to:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

This will also include headers transferred. You could also do this to record the amount of data received too (for example, if there is a lot of binary POST data):

LogFormat "%h %l %u %t \"%r\" %>s %I/%O \"%{Referer}i\" \"%{User-Agent}i\"" combined

This will produce:

[24/Feb/2008:14:19:07 +0000] "GET / HTTP/1.1" 200 104/7918 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20061201 Firefox/2.0.0.11 (Ubuntu-feisty)"

As a bonus you can also log the amount of time a request takes from start to completion (so processing time + transfer time) by doing:

LogFormat "%h %l %u %t \"%r\" %>s %I/%O \"%{Referer}i\" \"%{User-Agent}i\" %T/%D" combined

Which will give you:

[24/Feb/2008:14:19:07 +0000] "GET / HTTP/1.1" 200 104/7918 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20061201 Firefox/2.0.0.11 (Ubuntu-feisty)" 0/95491
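
As an added example (not from the original post, and not the logsort utility mentioned earlier), this Python script parses lines in the final LogFormat above, restores request-start order, and totals the %I/%O bytes per client. The sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Fields of the final LogFormat above:
# %h %l %u %t "%r" %>s %I/%O "%{Referer}i" "%{User-Agent}i" %T/%D
# Quoted fields are client-controlled; Apache writes an embedded quote as \"
# so the quoted pattern accepts backslash escapes instead of stopping early.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) (\d+)/(\d+) '
    + Q + ' ' + Q + r' (\d+)/(\d+)$')

def parse(line):
    """Return a dict for one log line, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, ts, request, status, b_in, b_out, referer, agent, secs, usecs = m.groups()
    return {"host": host, "request": request, "status": int(status),
            "start": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "bytes_in": int(b_in), "bytes_out": int(b_out),
            "agent": agent, "usecs": int(usecs)}

def summarize(lines):
    """Sort by request start time and total %I/%O bytes per client."""
    parsed = [parse(l) for l in lines]
    records = [r for r in parsed if r is not None]
    rejected = len(parsed) - len(records)
    # A record whose start precedes the previous line's start was logged late.
    late = sum(1 for a, b in zip(records, records[1:]) if b["start"] < a["start"])
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        totals[r["host"]][0] += r["bytes_in"]
        totals[r["host"]][1] += r["bytes_out"]
    return sorted(records, key=lambda r: r["start"]), dict(totals), late, rejected

# Constructed sample lines (documentation addresses), in the order Apache
# would write them: the 12-second upload started first but finished second.
SAMPLE = r'''198.51.100.7 - - [24/Feb/2008:14:19:07 +0000] "GET / HTTP/1.1" 200 104/7918 "-" "Mozilla/5.0" 0/95491
192.0.2.10 - - [24/Feb/2008:14:19:01 +0000] "POST /upload HTTP/1.1" 200 5242880/512 "-" "Mozilla/5.0" 12/12000000
198.51.100.7 - - [24/Feb/2008:14:19:20 +0000] "GET /a HTTP/1.1" 404 210/1024 "-" "odd\"agent" 0/1200
truncated line without the expected fields'''.splitlines()

if __name__ == "__main__":
    ordered, totals, late, rejected = summarize(SAMPLE)
    for r in ordered:
        print(r["start"].isoformat(), r["host"], r["request"], r["usecs"])
    print(totals, "late:", late, "rejected:", rejected)
```

Lines that do not match the format are counted rather than silently dropped, so a change to the LogFormat or a damaged log shows up in the rejected total.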

