« mod_jk times out on initial connections | Main | Second Place! »


Logging in Apache for IIS Admins

One of the nice things about IIS is that you don't need to worry about log file rotation. "Out of the box", this is handled for you. New log files are rotated on a nightly basis.

By default, apache logging is a bit different. One file "access_log" is created that contains all of the requests made to the site. "error_log" contains all the server errors. These files can get to be quite large, which makes looking for stuff when you really need to difficult. Setting up log file rotation is fairly straightforward however and if you're loading mod_logio, you can get some interesting additional logging options.

If you open up your httpd.conf, scroll down to the logging section. You'll see something like the following:
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog logs/error_log
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\  " %I %O" combinedio

# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog logs/access_log common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog logs/access_log combined


The common log file format doesn't give you the user-agent or the referring web site, which most folks find pretty useful. The user-agent for the most part is the browser type and version that was used to access the site. Referral is the link used on someone else's site to get to your own, which could also be the search engine link that someone clicked to get to your site. The combined log file format will give you the data from the common log format plus the user-agent and the referral. If mod_logio is loaded, the defaults will give you a couple of additional data points in your log, %I and %O. %I logs how many bytes the client sent and %O logs the number of bytes that the server sent in the reply.

The first change you should make is to change that CustomLog directive to utilize combinedio from common.

Then, in the LogFormat directive line belonging to the combinedio log file type, make the following changes/additions:

Change the %h to %a. %h logs the hostname if someone mistakenly sets the HostnameLookups directive to "On", which can be a real performance killer. %a logs the IP Address of the client always regardless of whether Hostname Lookups are being performed. Adding %S after the %a will give you the client's source port, which could be useful in debugging as well as distinguishing multiple users coming in over the same IP. Add an %s in front of the %>s. %s provides the HTTP Status code before any redirect is processed. Adding a %T after the %b will give you the time in seconds it took to fulfill the request. If you want to display microseconds instead, change (or add) it to %D instead. Below is the new, improved combinedio log file type:
LogFormat "%a %l %u %t \"%r\" %s %>s %b %T \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

This final section will deal (finally!) with log file rotation. Move up to the ErrorLog directive.
ErrorLog logs/error_log     
ErrorLog "|bin/rotatelogs logs/error.log.%Y-%m-%d-%H_%M_%S 86400"     
Move down to the CustomLog directive and change:
CustomLog logs/access_log combinedio     
CustomLog "|bin/rotatelogs logs/access.log.%Y-%m-%d-%H_%M_%S 86400" combinedio 
rotatelogs is a built-in program that does what it looks like it does and the format of the ErrorLog and CustomLog directives will place a time- and datestamp at the end of the log file name and creates a new log file over at midnight (GMT). Restart apache and you will have rotating logs similar to IIS's built-in functionality but you will also enjoy a few additional items that IIS's w3c-extended does not provide. A future post will deal with things you can do to prune what gets logged in order to keep those log file sizes down so that you can actually look through them and find stuff.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Logging in Apache for IIS Admins: