<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX              This file is generated from xml source: DO NOT EDIT        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX      --><title>Log Files - Apache HTTP Server</title><link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="./images/favicon.ico" rel="shortcut icon" /></head><body id="manual-page"><div id="page-header"><p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="./faq/">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="./images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="./images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="./">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Log Files</h1><div class="toplang"><p><span>Available Languages: </span><a href="./en/logs.html" title="English">&nbsp;en&nbsp;</a> |<a href="./es/logs.html" hreflang="es" rel="alternate" title="Espa駉l">&nbsp;es&nbsp;</a> |<a href="./ja/logs.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |<a href="./ko/logs.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p></div>    <p>In order to effectively manage a web server, it is necessary    to get feedback about the activity and performance of the    server as well as any problems that may be occurring. The Apache    HTTP Server provides very comprehensive and flexible logging    capabilities. This document describes how to configure its    logging capabilities, and how to understand what the logs    contain.</p>  </div><div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#security">Security Warning</a></li><li><img alt="" src="./images/down.gif" /> <a href="#errorlog">Error Log</a></li><li><img alt="" src="./images/down.gif" /> <a href="#accesslog">Access Log</a></li><li><img alt="" src="./images/down.gif" /> <a href="#rotation">Log Rotation</a></li><li><img alt="" src="./images/down.gif" /> <a href="#piped">Piped Logs</a></li><li><img alt="" src="./images/down.gif" /> <a href="#virtualhost">Virtual Hosts</a></li><li><img alt="" src="./images/down.gif" /> <a href="#other">Other Log Files</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="security" id="security">Security Warning</a></h2>        <p>Anyone who can write to the directory where Apache is    writing a log file can almost certainly gain access to the uid    that the server is started as, which is normally root. Do    <em>NOT</em> give people write access to the directory the logs    are stored in without being aware of the consequences; see the    <a href="misc/security_tips.html">security tips</a> document    for details.</p>    <p>In addition, log files may contain information supplied    directly by the client, without escaping. Therefore, it is    possible for malicious clients to insert control-characters in    the log files, so care must be taken in dealing with raw    logs.</p>  </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="errorlog" id="errorlog">Error Log</a></h2>        <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td /><td><ul><li><code class="directive"><a href="./mod/core.html#errorlog">ErrorLog</a></code></li><li><code class="directive"><a href="./mod/core.html#loglevel">LogLevel</a></code></li></ul></td></tr></table>    <p>The server error log, whose name and location is set by the    <code class="directive"><a href="./mod/core.html#errorlog">ErrorLog</a></code> directive, is the    most important log file. This is the place where Apache httpd    will send diagnostic information and record any errors that it    encounters in processing requests. It is the first place to    look when a problem occurs with starting the server or with the    operation of the server, since it will often contain details of    what went wrong and how to fix it.</p>    <p>The error log is usually written to a file (typically    <code>error_log</code> on unix systems and    <code>error.log</code> on Windows and OS/2). On unix systems it    is also possible to have the server send errors to    <code>syslog</code> or <a href="#piped">pipe them to a    program</a>.</p>    <p>The format of the error log is relatively free-form and    descriptive. But there is certain information that is contained    in most error log entries. For example, here is a typical    message.</p>    <div class="example"><p><code>      [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1]      client denied by server configuration:      /export/home/live/ap/htdocs/test    </code></p></div>    <p>The first item in the log entry is the date and time of the    message. The second entry lists the severity of the error being    reported. The <code class="directive"><a href="./mod/core.html#loglevel">LogLevel</a></code>    directive is used to control the types of errors that are sent    to the error log by restricting the severity level. The third    entry gives the IP address of the client that generated the    error. Beyond that is the message itself, which in this case    indicates that the server has been configured to deny the    client access. The server reports the file-system path (as    opposed to the web path) of the requested document.</p>    <p>A very wide variety of different messages can appear in the    error log. Most look similar to the example above. The error    log will also contain debugging output from CGI scripts. Any    information written to <code>stderr</code> by a CGI script will    be copied directly to the error log.</p>    <p>It is not possible to customize the error log by adding or    removing information. However, error log entries dealing with    particular requests have corresponding entries in the <a href="#accesslog">access log</a>. For instance, the above example    entry corresponds to an access log entry with status code 403.    Since it is possible to customize the access log, you can    obtain more information about error conditions using that log    file.</p>    <p>During testing, it is often useful to continuously monitor    the error log for any problems. On unix systems, you can    accomplish this using:</p>    <div class="example"><p><code>      tail -f error_log    </code></p></div>  </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div><div class="section"><h2><a name="accesslog" id="accesslog">Access Log</a></h2>        <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code></li><li><code class="module"><a href="./mod/mod_setenvif.html">mod_setenvif</a></code></li></ul></td><td><ul><li><code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code></li><li><code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code></li><li><code class="directive"><a href="./mod/mod_setenvif.html#setenvif">SetEnvIf</a></code></li></ul></td></tr></table>    <p>The server access log records all requests processed by the    server. The location and content of the access log are    controlled by the <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code>    directive. The <code class="directive"><a href="./mod/mod_log_config.html#logformat">LogFormat</a></code>    directive can be used to simplify the selection of     the contents of the logs. This section describes how to configure the server    to record information in the access log.</p>    <p>Of course, storing the information in the access log is only    the start of log management. The next step is to analyze this    information to produce useful statistics. Log analysis in    general is beyond the scope of this document, and not really    part of the job of the web server itself. For more information    about this topic, and for applications which perform log    analysis, check the <a href="http://dmoz.org/Computers/Software/Internet/Site_Management/Log_analysis/">    Open Directory</a> or <a href="http://dir.yahoo.com/Computers_and_Internet/Software/Internet/World_Wide_Web/Servers/Log_Analysis_Tools/">    Yahoo</a>.</p>    <p>Various versions of Apache httpd have used other modules and    directives to control access logging, including    mod_log_referer, mod_log_agent, and the    <code>TransferLog</code> directive. The <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code> directive now subsumes	the functionality of all the older directives.</p>    <p>The format of the access log is highly configurable. The format    is specified using a format string that looks much like a C-style    printf(1) format string. Some examples are presented in the next    sections. For a complete list of the possible contents of the    format string, see the <code class="module"><a href="./mod/mod_log_config.html">mod_log_config</a></code> <a href="mod/mod_log_config.html#formats">format strings</a>.</p>    <h3><a name="common" id="common">Common Log Format</a></h3>            <p>A typical configuration for the access log might look as      follows.</p>      <div class="example"><p><code>        LogFormat "%h %l %u %t \"%r\" %&gt;s %b" common<br />         CustomLog logs/access_log common      </code></p></div>      <p>This defines the <em>nickname</em> <code>common</code> and      associates it with a particular log format string. The format      string consists of percent directives, each of which tell the      server to log a particular piece of information. Literal      characters may also be placed in the format string and will be      copied directly into the log output. The quote character      (<code>"</code>) must be escaped by placing a back-slash before      it to prevent it from being interpreted as the end of the      format string. The format string may also contain the special      control characters "<code>\n</code>" for new-line and      "<code>\t</code>" for tab.</p>      <p>The <code class="directive"><a href="./mod/mod_log_config.html#customlog">CustomLog</a></code>	  directive sets up a new log file using the defined	  <em>nickname</em>. The filename for the access log is relative to	  the <code class="directive"><a href="./mod/core.html#serverroot">ServerRoot</a></code> unless it	  begins with a slash.</p>      <p>The above configuration will write log entries in a format      known as the Common Log Format (CLF). This standard format can      be produced by many different web servers and read by many log