Today features another post about the nuts and bolts of logging. This time, I’ll be talking about the Apache error log in some detail.
Originally, I had a different plan and outline for this post. But then I started googling for good reference material.
And what I found were way more questions than answers about the topic, many on various Stack Exchange sites. It seems that information about the Apache error log is so scarce that people can’t agree on where to ask questions, let alone get answers to them.
So let’s change that. I’m going to phrase this as a Q&A-based outline, hopefully answering all of the questions you might have come looking for—if you googled the term—while also providing a broad narrative for regular readers.
First of All, What Is the Apache Error Log?
First things first. What exactly is this thing we’re talking about here? To understand that, you first need to understand what Apache is. Apache is a web server, in the software sense of the term. As briefly as possible, this means that it’s the application in which you put your website’s files, and it manages inbound HTTP requests.
Now as you might imagine, something that manages the websites you build is a fairly involved and fairly important piece of software. And, as such, it produces a lot of log data.
Apache’s error log is part of that log data that it produces. It’s a standalone file that specifically contains information about errors produced as the Apache web server starts up and runs.
According to Apache’s section on the subject, it is “the most important log file.”
Is the Apache Error Log a Different Thing from the Apache Access Log?
So there you have it. The Apache error log is a log file (and the most important log file) of Apache’s runtime errors.
The next thing people seem to wonder about a lot has to do with differentiating between the access log and the error log. Are these two different things? Or is it just kind of two names for the same thing?
They’re two different, distinct things. The error log is not the same thing as the access log.
For those who follow the blog, you may recall that I’ve posted in detail about the Apache access log. The access log keeps track of all of the requests that come into the web server and who has sent them. You can think of it as the really geeky equivalent of an event guest log. It keeps track of things like IP addresses of visitors, the URL requested, the response, etc.
Now, while the access log may have information related to problems that happen, the error log—the subject of our focus today—is specifically dedicated to logging errors and problems that occur with the running of the server. You can mine the access log for general information about web requests but look in the error log for, well, errors.
Where Do You Find the Apache Error Log?
The question about where you find the error log seems to cause absolutely the most confusion. The reason there’s so much confusion? Well, there are actually several contributing factors:
- Apache is a cross-platform web server that will run on just about any OS you might use. Just figuring out which version to download will confuse you, let alone finding some log file it produces.
- Most Apache installations occur on Unix and Linux system, which have even further fragmentation as to where you might find things.
- Apache is extremely configurable. And while that makes it extremely flexible and powerful, it also makes things even harder to find, since you can put them anywhere.
What does all of this add up to? Well, when you type “where is the Apache error log” into Google, Google could save you a lot of clicking and bouncing by just popping up a message saying, “No one actually knows where yours is.”
All is not lost, though.
You could google your operating system to see where it tends to keep log files or where default Apache log files generally go. Understand that you’ll have to search by your specific operating system. On *nix systems, a typical location for the log files would be under the ‘/var/log’ directory.
But what I’d do instead is actually figure out where your Apache config files are. Once you’ve got that, you can find the location of the error log (and other logs) because they’re configurable Apache settings.
For instance, this is a typical example of the log’s location configuration:
By the way, you’re not forced to use “error.log” as the file name. Instead, any valid name you inform will do. If the name informed refers to an existent file, new log entries will be appended to it.
How Do You Check the Apache Error Log?
Once you’ve found it, how do you go about actually checking it? Well, to understand that, understand what it is.
The Apache error log is a text file. So you can open it with any text editor or with a command line utility like tail or cat. Those will give you a quick peek at the contents and let you scroll through to find what you’re looking for. The file’s entries will be in chronological order.
Suppose you want to use the “tail” utility. How would you go about that in practice? Easy. First, you open a shell session. You then type the following command:
tail ?f /path-to/log
After running the command above you’ll see the file’s last few entries. You’ll also continue seeing new entries, as they occur.
Now, hopefully, your log file is small since it contains errors. But it might be big—too big to search easily. In that case, you might want to search the error log’s contents using grep and regex. Or you might consider employing a log aggregator to parse and turn the contents into data that you can query easily.
What Are the Apache Error Log Levels?
Since the Apache error log is a log file, not that different in concept from any other log file, it doesn’t come as a surprise that it also makes use of logging levels.
If you aren’t familiar with the concept of logging levels, we invite you to read the post we’ve published about it.
In a nutshell, logging levels are labels that can be applied to log entries. Then can then be used to filter the messages sent to the log file, effectively adjusting the verbosity in each message.
You can specify the desired level using the LogLevel directive, like in the following example:
The default level is indeed “warn”, but there are many other levels available:
Level, emerg , alert , crit , error , warn , notice, info , debug , trace1, trace2, trace3, trace4, trace5, trace6, trace7, trace8
You can head to Apache’s documentation if you want to learn about each level in detail.
Let’s talk try to compare the two logging levels here. We will compare warning and debug log levels. Warning, you only receive warning logs when the system is working as expected but something doesn’t seem right. If these warnings are not attended to on time, they might bring some real errors as time go on. On the other hand, debug log level logs almost everything that is happening on the server. It can be errors and just any other important message that can be helpful to you as a website administrator.
You can enable debug log level writing the flowing command in the main configuration file.
LogLevel alert rewrite:trace6
How to Use Grep to Get Information from the Apache Error Log?
As we’ve just mentioned, it’s possible to use the grep command to search the contents of your Apache error log file. So, let’s see some quick examples of how that can be done.
Suppose you want to filter your log entries with the warn level. This is the command you should run, based on the example location for an Apache error log mentioned a few sections back:
grep warn /var/log/apache2/error.log
Similarly, if you wanted to retrieve log entries marked with the notice level, you’d just have to replace warn with notice in the command above. Easy peasy.
Keep in mind, though, that Apache logs—the error log included—tend to be extremely long. Let’s say you only wanted to output the last 15 lines of your log. You can use the command tail to accomplish that.
Tail is a command that outputs the tail—that is, the end—of a file. By default, it outputs the last 10 lines. You can specify the number of lines using the -n option:
tail -n 5 /var/log/apache2/error.log
You can use tail along with grep in order to get a subset of log entries, then filter them. That’s what we do in the following example: we get five lines from the log file, then feed them to the grep command, which filters for entries containing “warn.’
tail -n 5 /var/log/apache2/error.log | grep warn
Now, suppose you want to do negative filtering. You want to see all log entries except those with the warn level. Can you do it using the grep command? You bet you can! You’d only have to add the -v option to the grep command:
grep -v warn /var/log/apache2/error.log
How You Should View the Apache Error Log—The ErrorLogFormat Directive
That covers how you can get at the file’s contents in the broadest sense. But how do you actually view and interpret the thing, semantically? What does each entry actually mean?
Well, let’s consider an example, taken from this page. This is representative of what an error log file entry could look like:
ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
#And the output:
[Fri Dec 16 01:46:23 2005] [error] [client 188.8.131.52] Directory index forbidden by rule: /home/test/ [Fri Dec 16 01:54:34 2005] [error] [client 184.108.40.206] Directory index forbidden by rule: /apache/web-data/test2 [Fri Dec 16 02:25:55 2005] [error] [client 220.127.116.11] Client sent malformed Host header [Mon Dec 19 23:02:01 2005] [error] [client 18.104.22.168] user test: authentication failure for "/~dcid/test1": Password Mismatch
You can probably infer the format here of each entry: timestamp, log level, remote host, error message.
Unlike the access log that I mentioned earlier, you don’t have endless customization options here. The format of this particular file is actually fixed. But entries in this file will also correspond to entries in the access log, which you can configure.
You can also create custom log files of your choosing.
Managed Dedicated Servers
If you are using a managed dedicated server, there are a number of directories where you can find the Apache error logs. On cPanel server, you can find the apache access_logs in the following directory.
Now the access_log is where all the http requests are logged to.
Apache errors can be found in this directory /usr/local/apache/logs/error_log. All the Apache errors are logged in the error_log.
Another important folder you can look for is the demolog folder. Demologs are logs of domains, they are generated from the requests made to the domain. The directory can look like the following
Unmanaged Dedicated Servers
Like the name suggests, this is a type of server that is not managed by the hosting company and having that said, you have full control of this server and can decide where the Apache server can be writing the logs. The directories and folders will be up to your tech team.
How Do You Clear the Apache Error Log?
I’ll bookend this post by answering a question that seems logical to wrap up. We’ve looked at what the error log is, where you find it, how you view it, and how you interpret it. How do you clear it? And why would you want to?
Well, let’s answer that second question first.
Simply put, over the course of a lot of time, that log file is going to get pretty unwieldy. And at some point, you’re not going to need error messages from two years ago anymore. So you want to clear it out to clean up some disk space, either truncating it outright or backing up a copy somewhere else.
As for clearing the logs themselves, there’s an interesting issue to contend with there. As long as the server is running, it holds a handle to the file for writing. So you can’t just open it and start editing it, and you can’t just back it up and delete it.
Perhaps the simplest technique is to have root access and do something like this—overwriting the file contents with nothing. I’d suggest making a copy of the file first, though.
Alternatively, you can follow the instructions here, on Apache’s site, related to log rotation and piped logs. These are more involved but more “proper” and less hack-y solutions.
But however you approach clearing the logs or logging in general, my recommendation would be always to err on the side of preserving as much information as you possibly can.
Apache Error Log: No Longer a Stranger
Today’s post was another installment of our series that covers different aspects of logging. Thematically, this post doesn’t differ dramatically from the previous ones. After all, it covers the Apache error log, which is a special kind of log file. Structurally, though, this post was a novelty, since we’ve adopted a Q&A format for it.
Throughout the post, we’ve walked you through a list of common questions about the Apache error log. You’ve learned, among other things:
- what the Apache error log is
- where can you find it
- how to check the log
- the best way to visualize the log’s content
By now, you should have a solid grasp of the Apache error log fundamentals.
Hopefully, you can apply the knowledge you’ve obtained from this post to troubleshoot issues quickly, accessing the precious data contained on your apache log files and turning them into valuable insights for your organization.
Learn more about Scalyr by checking out a demo here.