[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[Apache] Easy explanation of how to read access logs! *Updated in 2024

2020.02.02

table of contents

1 What is an access log?
2 Let's take a look at Apache's access log!
3 Let's analyze the access log!
- 3.1 Let's learn a little about the meaning of status codes
4 summary

Hello!
This is Inoue, a Persian cat from Beyond Shikoku Office.

To put it in a cool way, as an MSP, I often see access logs as I deal with problems on a daily basis.
This time, MSP is required! ! I would like to briefly explain how to read Apache access logs.

What is an access log?

The access log the history of connections to the server . Information such as date and time, IP address from which the visit was made, the page requested, and the browser and device used are recorded.

One example of how we as an MSP use access logs is for alert response.

Check the access log of the server with the alert and see if the number of accesses has increased or decreased compared to normal times. If the number of accesses increases rapidly, it means that the server is under a heavy load.

We may also check the pages being accessed to confirm that they actually exist.

Let's take a look at Apache's access log!

[root@test-aws-harukainoue httpd]# tail access_log xxx.xx.xx.xxx - - [11/Dec/2019:12:01:22 +0000] "GET / HTTP/1.0" 200 35 "-" " Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36"

*This is an excerpt from the execution results.

There are a lot of alphanumeric characters and symbols that I don't understand.

Let's analyze the access log!

By default, Apache's configuration file is written in
/etc/httpd/conf/httpd.conf Looking inside the "/etc/httpd/conf/httpd.conf" file,

LogFormat "%h %l %u %t \"%r\" %t %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog "logs/access_log" combined

You can see that the format "combined" is set by default.
Logs are displayed according to this format.

format string	Meaning of format	Access log value	remarks
%h	remote host IP address	xxx.xx.xx.xxx
%l	Connecting user name	-(Not set)	This is usually -, but if mod_ident exists on the server and the IdentityCheck directive is set to On, the value will be output.
%u	remote user	-(Not set)
%t	Date and time accessed	2019/11/11　12:01
\"%r\"	File accessed	・Action = GET ・HTTP = protocol ・Resource = 1.0	*Backslashes are displayed as "\".
%>s	status code	200 (normal)
%b	Feeding amount for resources	35 bytes
\"%{Referer}i\"	URL of access source	-(Not set)	whether you came via some other site or accessed directly from the URL.
\"%{User-Agent}i\"	What OS and which browser did you use to access it?	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36	・OS = Linux ・Browser = Chrome

Let's learn a little about the meaning of status codes

A status code a web server and web browser to communicate the status of each other

・200 = Request successful
・301 = The requested page has been moved to another page
・302 = Temporarily moved to another page
・403 = You do not have permission to view the requested page
・404 = The requested page exists No
/ 500 = Error occurred on the server side

summary

If you can see access logs, your MSP power will skyrocket!

While responding to alerts on a daily basis, I always check the access logs when the load on the web server suddenly increases.
You can also check the access log to see if there has been any offensive access.
I am also looking at the access log with intense eyes! (`・ω・´)
Writing this on my blog has deepened my understanding.

I will continue to repeat trial and error and
write blogs about my favorite commands and things that I personally want to understand better.

Also, this time I explained how to read Apache's access log, but a member also wrote a blog about how to read nginx's access log, so please take a look at that as well!

[nginx] Explaining how to view, settings, location, etc. of access logs

Growing every day, moving forward every day.
I have to update myself every day! ! !
Thank you for reading to the end.

▼ Click here for cloud/server operation monitoring service (24 hours a day, 365 days a year)

Cloud/server operation monitoring service (24 hours a day, 365 days a year)

If you found this article helpful , please give it a like!

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

The person who wrote this article

About the author

Akika Inoue

Belongs to the System Solutions Department.
He joined Beyond as a founding member of the Shikoku office.
I jumped into the IT industry with no experience. As an education team, we create curriculum and conduct training for new graduates, mid-career, and existing members.
The main business is server operation and maintenance.
Either way, we value your content.
Also belongs to the Web Content Division and YouTube Team.

If you want to develop PHP with VSCode, use intelephense, the strongest intellisense.If you want to enjoy the night in Miyoshi, go here! Bastard Bar Bastard