Today features another post about the nuts and bolts of logging. This time, I’ll be talking about the Apache error log in some detail.
Originally, I had a different plan and outline for this post. But then I started googling for good reference material. And what I found were way more questions than answers about the topic, many on various Stack Exchange sites. It seems that information about the Apache error log is so scarce that people can’t agree on where to ask questions, let alone get answers to them.
So let’s change that. I’m going to phrase this as a Q&A-based outline, hopefully answering all of the questions you might have come looking for—if you googled the term—while also providing a broad narrative for regular readers.
First of All, What Is the Apache Error Log?
First things first. What exactly is this thing we’re talking about here? To understand that, you first need to understand what Apache is. Apache is a web server, in the software sense of the term. As briefly as possible, this means that it’s the application in which you put your website’s files, and it manages inbound HTTP requests.
Now as you might imagine, something that manages the websites you build is a fairly involved and fairly important piece of software. And, as such, it produces a lot of log data.
Apache’s error log is part of that log data that it produces. It’s a standalone file that specifically contains information about errors produced as the Apache web server starts up and runs. According to Apache’s section on the subject, it is “the most important log file.”
So there you have it. The Apache error log is a log file (and the most important log file) of Apache’s runtime errors.
The next thing people seem to wonder about a lot has to do with differentiating between the access log and the error log. Are these two different things? Or is it just kind of two names for the same thing?
They’re two different, distinct things. The error log is not the same thing as the access log.
For those who follow the blog, you may recall that I’ve posted in detail about the Apache access log. The access log keeps track of all of the requests that come into the web server and who has sent them. You can think of it as the really geeky equivalent of an event guest log. It keeps track of things like IP addresses of visitors, the URL requested, the response, etc.
Now, while the access log may have information related to problems that happen, the error log—the subject of our focus today—is specifically dedicated to logging errors and problems that occur with the running of the server. You can mine the access log for general information about web requests but look in the error log for, well, errors.
Where Do You Find the Apache Error Log?
The question about where you find the error log seems to cause absolutely the most confusion. The reason there’s so much confusion? Well, there are actually several contributing factors:
- Apache is a cross-platform web server that will run on just about any OS you might use. Just figuring out which version to download will confuse you, let alone finding some log file it produces.
- Most Apache installations occur on Unix and Linux system, which have even further fragmentation as to where you might find things.
- Apache is extremely configurable. And while that makes it extremely flexible and powerful, it also makes things even harder to find, since you can put them anywhere.
What does all of this add up to? Well, when you type “where is the Apache error log” into Google, Google could save you a lot of clicking and bouncing by just popping up a message saying, “No one actually knows where yours is.”
All is not lost, though.
You could google your operating system to see where it tends to keep log files or where default Apache log files generally go. Understand that you’ll have to search by your specific operating system.
But what I’d do instead is actually figure out where your Apache config files are. Once you’ve got that, you can find the location of the error log (and other logs) because they’re configurable Apache settings.
How Do You Check the Apache Error Log?
Once you’ve found it, how do you go about actually checking it? Well, to understand that, understand what it is.
The Apache error log is a text file. So you can open it with any text editor or with a command line utility like tail or cat. Those will give you a quick peek at the contents and let you scroll through to find what you’re looking for. The file’s entries will be in chronological order.
Now, hopefully, your log file is small since it contains errors. But it might be big—too big to search easily. In that case, you might want to search the error log’s contents using grep and regex. Or you might consider employing a log aggregator to parse and turn the contents into data that you can query easily.
That covers how you can get at the file’s contents in the broadest sense. But how do you actually view and interpret the thing, semantically? What does each entry actually mean?
Well, let’s consider an example, taken from this page. This is representative of what an error log file entry could look like:
[Fri Dec 16 01:46:23 2005] [error] [client 188.8.131.52] Directory index forbidden by rule: /home/test/ [Fri Dec 16 01:54:34 2005] [error] [client 184.108.40.206] Directory index forbidden by rule: /apache/web-data/test2 [Fri Dec 16 02:25:55 2005] [error] [client 220.127.116.11] Client sent malformed Host header [Mon Dec 19 23:02:01 2005] [error] [client 18.104.22.168] user test: authentication failure for "/~dcid/test1": Password Mismatch
You can probably infer the format here of each entry: timestamp, log level, remote host, error message.
Unlike the access log that I mentioned earlier, you don’t have endless customization options here. The format of this particular file is actually fixed. But entries in this file will also correspond to entries in the access log, which you can configure. You can also create custom log files of your choosing.
How Do You Clear the Apache Error Log?
I’ll bookend this post by answering a question that seems logical to wrap up. We’ve looked at what the error log is, where you find it, how you view it, and how you interpret it. How do you clear it? And why would you want to?
Well, let’s answer that second question first. Simply put, over the course of a lot of time, that log file is going to get pretty unwieldy. And at some point, you’re not going to need error messages from two years ago anymore. So you want to clear it out to clean up some disk space, either truncating it outright or backing up a copy somewhere else.
As for clearing the logs themselves, there’s an interesting issue to contend with there. As long as the server is running, it holds a handle to the file for writing. So you can’t just open it and start editing it, and you can’t just back it up and delete it. Perhaps the simplest technique is to have root access and do something like this—overwriting the file contents with nothing. I’d suggest making a copy of the file first, though.
Alternatively, you can follow the instructions here, on Apache’s site, related to log rotation and piped logs . These are more involved but more “proper” and less hack-y solutions. But however you approach clearing the logs or logging in general, my recommendation would be always to err on the side of preserving as much information as you possibly can.