How to read the access_log of Apache?
Folks,
This is really an Apache question, not a Slackware question. But I have always received better advice from Slackware folks than from anyone else. I am taking advantage of the knowledge of Slack folks once again.
A standard Apache installation yields an access log file called /usr/local/apache2/logs/access_log and after the server is up and running for a while, it is usually loaded with contents like:
65.33.94.190 - - [05/Apr/2003:17:26:27 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
65.33.94.190 - - [05/Apr/2003:17:26:28 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
65.33.94.190 - - [05/Apr/2003:17:26:29 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
65.33.94.190 - - [05/Apr/2003:17:26:41 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288
12.246.123.60 - - [04/Apr/2003:13:01:15 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
80.133.155.17 - - [03/Apr/2003:10:35:54 -0500] "PROPFIND /admin%24 HTTP/1.1" 405 305
What is this stuff? How do I read the access log? I would appreciate it if the answers to my question came in one of the following formats:
1) a simplified answer such as
the_meaning_of_the_1st_field
the_meaning_of_the_2nd_field
the_meaning_of_the_3rd_field
the_meaning_of_the_4th_field
the_meaning_of_the_5th_field
the_meaning_of_the_6th_field
....
or
2) a pointer (a hyperlink) to the documentation where a detailed explanation can be found.
By the way, does access_log provide any indication of a security breach of the web server? If so, how does one tell by reading the log?
Many Thanks.
Kayaker |
Take a look at
http://www.serverwatch.com/tutorials...le.php/1127521
I once wrote a script to show the error log (I use it a lot when debugging programs). You could probably adapt it to show the access log in a more readable format too:
Code:
#!/usr/bin/perl |
Thank you David.
I found this page after posting the question. http://httpd.apache.org/docs/logs.html#accesslog perhaps it will be of interest to others as well. Kayaker |
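Added example, not part of the thread and not David's script: a small Python parser for the Common Log Format described on the Apache page linked above, run over the six lines quoted in the question plus one constructed line. The names `PROBE_MARKERS`, `USUAL_METHODS`, `parse_line`, `triage` and `summarize` are assumptions made for this illustration; the point it shows is that a probe answered with 4xx was rejected, while the same path answered with 2xx/3xx is the entry to investigate.

```python
import re
from collections import Counter

# Common Log Format fields, in order: client host, identd name, auth user,
# [timestamp], "request line", HTTP status, bytes sent ("-" means none).
CLF = re.compile(r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                 r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$')

# Assumptions: markers are taken from the probe paths in the question; methods are a guess.
PROBE_MARKERS = ("root.exe", "cmd.exe")
USUAL_METHODS = ("GET", "HEAD", "POST")

# The first six lines are the ones from the question; the last is constructed.
SAMPLE = '''\
65.33.94.190 - - [05/Apr/2003:17:26:27 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
65.33.94.190 - - [05/Apr/2003:17:26:28 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
65.33.94.190 - - [05/Apr/2003:17:26:29 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
65.33.94.190 - - [05/Apr/2003:17:26:41 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288
12.246.123.60 - - [04/Apr/2003:13:01:15 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
80.133.155.17 - - [03/Apr/2003:10:35:54 -0500] "PROPFIND /admin%24 HTTP/1.1" 405 305
192.0.2.10 - - [05/Apr/2003:17:30:00 -0500] "GET /index.html HTTP/1.0" 200 1043
'''

def parse_line(line):
    """Split one access_log line into named fields; None if it is not CLF."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    method, _, rest = rec["request"].partition(" ")
    rec["method"], rec["path"] = method, rest.rsplit(" ", 1)[0]
    rec["status"] = int(rec["status"])
    return rec

def triage(rec):
    """Label a parsed request; a probe that got content back needs a closer look."""
    if any(marker in rec["path"].lower() for marker in PROBE_MARKERS):
        return "probe-answered" if rec["status"] < 400 else "probe-rejected"
    if rec["method"] not in USUAL_METHODS:
        return "unusual-method"
    return "normal"

def summarize(text):
    """Count (host, label) pairs, skipping lines that do not parse."""
    recs = filter(None, map(parse_line, text.splitlines()))
    return Counter((r["host"], triage(r)) for r in recs)
```

Calling `summarize(SAMPLE)` gives a per-host count of each label; on the lines from the question every probe is `probe-rejected`.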
Quote:
Looks cool though :) Cool |
I assume you are talking about the script.
1) Put it in a file called log.cgi within your cgi-bin
2) Give it executable permissions
3) Make sure the error log file is pointing to the right place
4) Set the permissions on the logs/logs directory so the web server can read it.
5) Access http://yourhost/cgi-bin/log.cgi
That's it! It automatically displays the last 15 lines of the error log in an easy to read table. It tries to group errors related to each individual access and puts an <HR> (horizontal rule) between them. If you want to see more than the last 15 lines then append the number of lines to view to the filename as a query string. To display the last 100 - http://yourhost/cgi-bin/log.cgi?100
Let me know if you have any problems. |
Woohoo! Worked great, thanks! :) I tried to make an access log the same way, but it didn't quite work out the same, the date/time wasn't displayed, and all entries were grouped into one. But I will work on that...
Thanks! Cool |
Unrelated:
You should sign up for affero. I was going to "affero" you, but it looks like you aren't signed up. Here's a thread with some info on it: http://www.linuxquestions.org/questi...threadid=25730 And here's my search string: http://www.linuxquestions.org/questi...der=descending For even more info ;) Cool |
I keep meaning to - I just never get round to it. No time like the present I suppose!
I'm glad you like it. I was just getting annoyed at reading horrible raw logs. There are plenty of analysers for access logs but nothing for us poor developers. There are a few simple enhancements that I may make at some point but consider it as GPL :D |
Cool, thanks again, and can you provide me any tips on how to go about setting this up for other logs, such as access_log?
:) |
Since you just clicked the Affero - give me 10 mins!
|
The longest 10 minutes of my life!
Code:
#!/usr/bin/perl
Oh, I almost forgot the part where I tried to be clever and sent my server running 2 permanent loops (don't worry, I fixed that :D)
Anyway, I think I'll stop for the night before I delete anything else or accidentally advise someone to run "rm -rf /"
Let me know how you get on with it - there are now some config options at the top that you may want to set first. If you have any problems or think I made a boo boo then I'll see what I can do. |
Wow! That works great! Thanks for all that work, really appreciate it :)
Cool |
Variable for changing log name
Hi David,
I tried the first script and it works nicely! What I would like to know is how to change it so that it will look for a log file that changes the name from day to day. I tried several wild card substitutions but with no success. Thanks, Ed Simpson |