[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Apache] Easy explanation of how to view access logs! *Updated February 2025

2020.02.02

table of contents [非表示]

1 What is an access log?
2 Let's take a look at Apache's access log!
3 Let's analyze the access log!
- 3.1 Let's learn a little about the meaning of status codes
4 summary

Hello!
This is Inoue, a Persian cat from Beyond Shikoku Office.

As I work as an infrastructure engineer, I often see access logs as I deal with disabilities every day.
This time, I would like to explain in a simple way how to view the access logs of Apache.

Click here to see how to view Nginx access logs, which are often compared to Apache.

What is an access log?

The access log the history of connections to the server . Information such as date and time, IP address from which the visit was made, the page requested, and the browser and device used are recorded.

An example of how we infrastructure engineers use access logs is alert response.

Check the access log of the server with the alert and see if the number of accesses has increased or decreased compared to normal times. If the number of accesses increases rapidly, it means that the server is under a heavy load.

We may also check the pages being accessed to confirm that they actually exist.

Let's take a look at Apache's access log!

[root@test-aws-harukainoue httpd]# tail access_log xxx.xx.xx.xxx - - [11/Dec/2019:12:01:22 +0000] "GET / HTTP/1.0" 200 35 "-" " Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36"

*This is an excerpt from the execution results.

There are a lot of alphanumeric characters and symbols that I don't understand.

Let's analyze the access log!

By default, Apache's configuration file is written in
/etc/httpd/conf/httpd.conf Looking inside the "/etc/httpd/conf/httpd.conf" file,

LogFormat "%h %l %u %t \"%r\" %t %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog "logs/access_log" combined

It says, and combined is defaulted.
The logs are displayed in this format.

format string	Meaning of format	Access log value	remarks
%h	remote host IP address	xxx.xx.xx.xxx
%l	Connecting user name	-(Not set)	This is usually -, but if mod_ident exists on the server and the IdentityCheck directive is set to On, the value will be output.
%u	remote user	-(Not set)
%t	Date and time accessed	2019/11/11　12:01
\"%r\"	File accessed	・Action = GET ・HTTP = protocol ・Resource = 1.0	*Backslashes are displayed as "\".
%>s	status code	200 (normal)
%b	Feeding amount for resources	35 bytes
\"%{Referer}i\"	URL of access source	-(Not set)	whether you came via some other site or accessed directly from the URL.
\"%{User-Agent}i\"	What OS and which browser did you use to access it?	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36	・OS = Linux ・Browser = Chrome

Let's learn a little about the meaning of status codes

A status code a web server and web browser to communicate the status of each other

・200 = Request successful
・301 = The requested page has been moved to another page
・302 = Temporarily moved to another page
・403 = You do not have permission to view the requested page
・404 = The requested page exists No
/ 500 = Error occurred on the server side

summary

Once you can see the access log, your infrastructure engineering skills should be improved dramatically!

While responding to alerts on a daily basis, I always check the access logs when the load on the web server suddenly increases.
You can also check the access log to see if there has been any offensive access.
I am also looking at the access log with intense eyes! (`・ω・´)
Writing this on my blog has deepened my understanding.

I will continue to repeat trial and error and
write blogs about my favorite commands and things that I personally want to understand better.

In addition, this time I explained how to view Apache's access logs, but other members also wrote a blog about how to view nginx's access logs, so please take a look at this as well!

Growing every day, moving forward every day.
I have to update myself every day! ! !
Thank you for reading to the end.

▼ Click here for cloud/server operation monitoring service (24 hours a day, 365 days a year)

If you found this article helpful , please give it a like!

[2026.6.30 Amazon Linux 2 end of support] Amazon Linux server migration solution

The person who wrote this article

About the author

Akika Inoue

Belongs to the System Solutions Department.
He joined Beyond as a founding member of the Shikoku office.
I jumped into the IT industry with no experience. As an education team, we create curriculum and conduct training for new graduates, mid-career, and existing members.
The main business is server operation and maintenance.
Either way, we value your content.
Also belongs to the Web Content Division and YouTube Team.

If you want to develop PHP with VSCode, use intelephense, the strongest intellisense.If you want to enjoy the night in Miyoshi, go here! Bastard Bar Bastard