Making Apache httpd Logs More Useful
Pages: 1, 2
The value of this logfile is in determining what requests, if any, have not completed. This will tell you which requests time out or are perhaps requests to CGI or PHP files that hang indefinitely.
No, you don't have to look through the file to find these non-matching pairs. A script that comes with Apache--
check_forensic--does this for you.
If you installed from source, you won't find it in your bin/ directory; you'll need to get it out of the support/ directory of your source distribution. As usual, I don't know whether your particular distribution of your OS will include this utility in its package releases.
check_forensic on your forensic logfile will spit out all of the request log entries that do not have a matching end request entry.
When you're trying to figure out what your browser and server are saying to one another,
mod_dumpio might be what you need. However, be warned that its output is somewhat cryptic and voluminous, and you need to be pretty sure of what you're looking for.
mod_dumpio logs the entire request (headers and body) and the entire response (headers and body) to the error logfile when enabled.
To log the request, set:
LogLevel debug DumpIOInput On DumpIOOutput On
Dumping input and output have different directives so that you can choose to have only one or the other, if, for example, you have an idea which side of the conversation contains the data you're looking for.
Don't enable this on production servers--at least, not for very long--as it will generate enormous logfiles in a very short time, and will also slow down performance considerably.
At least in Apache 2.0 and 2.2, you have to turn the
LogLevel up to
debug for anything to be logged. Apache 2.3 will contain a new directive,
DumpIOLogLevel, which sets the
LogLevel at which
mod_dumpio will dump data to the log.
Finally, here's something that might be immediately practical to you. The
RewriteLog is your very best tool when trying to subdue recalcitrant
There are two directives involved in enabling the
RewriteLog logs/rewrite.log RewriteLogLevel 9
The important caveat here is that neither one of these directives work in a .htaccess file, so if you're troubleshooting
RewriteRules on a hosted website where you don't have access to the main config, I recommend that you instead get it working on your test machine at home before uploading it to the live site. Of course, testing things on a test server is always a good policy.
RewriteLogLevel directive may be anywhere from 0 (don't log) to 9 (tell me everything). It controls the volume of information that you receive in the log.
RewriteLog entries tell you what argument a
RewriteCond is being applied to, the success or failure of that match, and the action that will be taken, if any, as a consequence of the match.
For example, consider these lines from my rewrite log:
192.168.200.1 - - [30/Nov/2006:21:03:18 --0500] [wooga.drbacchus.com/sid#9db7eb8][rid#9ecdee8/initial] (3) applying pattern '^/blog/(.*)' to uri '/blog/rewrite' 192.168.200.1 - - [30/Nov/2006:21:03:18 --0500] [wooga.drbacchus.com/sid#9db7eb8][rid#9ecdee8/initial] (2) rewrite '/blog/rewrite' -> '/index.php?name=rewrite'
The first of these entries, logged at level 3, shows the
^/blog/(.*) being applied to a requested URI of
/blog/rewrite. Because it matches, the target of the rewrite rule is invoked, and the URI is rewritten.
Often, the most useful part of the rewrite log is understanding what string the rewrite rule is actually being compared against. This produces many "aha!" moments, as in, "Aha! No wonder it's not matching! It expected a leading slash there!"
As we say on #apache, no matter what the problem is, step one is to look at the error log. When the error log doesn't provide quite enough information, Apache has no shortage of logging abilities that will give you that little bit of extra information you need to find the root of your problems.
Rich Bowen is a member of the Apache Software Foundation, working primarily on the documentation for the Apache Web Server. DrBacchus, Rich's handle on IRC, can be found on the web at www.drbacchus.com/journal.
Return to ONLamp.com.