Log Rhythms
Pages: 1, 2, 3

Bump on a Log: The Error Log

In addition to access logs, Apache notes unusual server activity in an error log. In your httpd.conf file, the ErrorLog and LogLevel directives pertain to the error log. They should look something like this:

ErrorLog logs/error_log
LogLevel warn

The first line tells Apache where to log errors. The second line sets the threshold for what types of errors to log. The default warn level should be just fine; for a list of log levels, consult the Apache LogLevel documentation.

The contents of the Apache error log are pretty clear. For example, someone requesting an HTML document, nonexistent.html, that does not exist on the server, generates the following error log entry:

[Tue Mar 07 09:59:29 2000] [error] [client 123.45.678.90]
File does not exist: /path/to/htdocs/nonexistent.html

Restarting your Apache server generates:

[Tue Mar 07 09:52:40 2000] [notice] SIGHUP received.  
Attempting to restart
[Tue Mar 07 09:52:42 2000] [notice] Apache/1.3.11 (Unix) configured 
-- resuming normal operations

The error log is a very useful tool for:

• Monitoring
  Keep tabs on your server's activity and status. The key is tuning the LogLevel to suit your particular needs.
• Security
  The error logs are often your first indication that something is amiss. A sudden spate of "authentication failures" in password-protected directories may indicate someone trying to see what they're not allowed to.

Tossing the Caber

I now leave you to your log rolling. If you have a particularly nice log setup you're willing to share, please post a message on the O'Reilly Network Apache Forum.

---

Resources

The following is a list of starting points from which to explore further some of the topics covered in this article.

• Apache Logging Modules
  • mod_log_config (default)
  • mod_log_agent (deprecated)
  • mod_log_common (deprecated)
  • mod_log_referer (deprecated)
• Apache Log Configuration Directives
  • CustomLog
  • ErrorLog
  • LogFormat
  • LogLevel
  • RefererLog (deprecated)
  • ScriptLog
  • ScriptLogBuffer
  • ScriptLogLength
  • TransferLog
• User Tracking and Cookies
  • Cookie Central
  • mod_usertrack
• Log Analysis Tools
  • Yahoo Log Analysis Tools -- a huge tool drawer
  • Analog - a personal favorite
  • Webalizer, The - another popular analyzer

Tune in Next Time...

Apache and mod_perl, RPM-Style

As always, if you'd like me to cover anything in particular, feel free to post your suggestions to the O'Reilly Network Apache Forum.

---

Return to the Apache DevCenter