Bump on a Log: The Error Log
In addition to access logs, Apache notes unusual server activity
in an error log. In your
httpd.conf file, the
LogLevel directives pertain to
the error log. They should look something like this:
ErrorLog logs/error_log LogLevel warn
The first line tells Apache where to log errors. The second line sets the
threshold for what types of errors to log. The default
level should be just fine; for a list of log levels, consult the
Apache LogLevel documentation.
The contents of the Apache error log are pretty clear. For example,
someone requesting an HTML document,
does not exist on the server, generates the following error log entry:
[Tue Mar 07 09:59:29 2000] [error] [client 123.45.678.90] File does not exist: /path/to/htdocs/nonexistent.html
Restarting your Apache server generates:
[Tue Mar 07 09:52:40 2000] [notice] SIGHUP received. Attempting to restart [Tue Mar 07 09:52:42 2000] [notice] Apache/1.3.11 (Unix) configured -- resuming normal operations
The error log is a very useful tool for:
Keep tabs on your server's activity and status. The key is tuning the
LogLevelto suit your particular needs.
The error logs are often your first indication that something is amiss. A sudden spate of "authentication failures" in password-protected directories may indicate someone trying to see what they're not allowed to.
Tossing the Caber
I now leave you to your log rolling. If you have a particularly nice log setup you're willing to share, please post a message on the O'Reilly Network Apache Forum.
The following is a list of starting points from which to explore further some of the topics covered in this article.
- Apache Logging Modules
- Apache Log Configuration Directives
- User Tracking and Cookies
- Log Analysis Tools
Tune in Next Time...
Apache and mod_perl, RPM-Style
As always, if you'd like me to cover anything in particular, feel free to post your suggestions to the O'Reilly Network Apache Forum.
Return to the Apache DevCenter