Apache Tomcat

How to review Apache tomcat access logs

Nowadays, there is a tremendous pace in the software development cycle. All the Organizations have codebases containing a huge number of codes consisting of web pages interlinked. There are many circumstances when a system crashes or behaves unexpectedly.

To analyze and debug the issue, developers and system administrators look into the Log files to find the system’s problems. In reality, when a system is down, log files are often used as the primary source of information.

In every system, system administrators maintain all the activities related to requests received from various users and store them in a file called log files.

To debug the system, we can refer to the individual log files to gain insight into the system and move through the various timestamps to know the system’s state.

In this article, we’ll go into the specifics of these logs below: we’ll go through what’s stored in Apache access logs, where to find them, and how to review Apache tomcat access logs. It makes the system admins keep track of all the information and activities happening within their system.

What are Apache Access Logs?

Apache access logs are one of the kinds of log files produced by the Apache HTTP Server, as explained above. This log file is in charge of maintaining information about all requests handled by the Apache tomcat server.

As a result, if anyone visits a page on your site, the access log file would contain information about it.

This knowledge is useful in several situations: if a specific request fails for every person attempting to access a web page or a situation in which there is a delay in generating the response, we can go through SQL scripts and optimize them.

If one of the site’s pages is especially common, aggregating data from access logs may reveal requested resources, allowing businesses to improve their popularity by offering more relevant material.

How to Review Apache Tomcat Access Logs?

The logs’ location is determined by the operating system that the Apache HTTP server is made to execute the program. Linux distributions run the bulk of Apache HTTP server instances. So, for this article, we’ll concentrate on where to find and review Apache Tomcat access logs on a Linux machine.

In the case of Ubuntu and Linux kernel/operating system, these log records can be found in the following location:

/var/log/apache2/access.log

Some Linux distributions might have different default locations, but you won’t have to look far in most cases. A CustomLog directive can be referred to and updated within your Apache tomcat server.

CustomLog directive also takes the responsibility to store the location where it is stored and specify the format in which it has to be stored.

Extract Information from Apache Access Logs

Now, we will describe how to look into the access log files and interpret the data from them. Extracting information can help I.T. professionals and development teams to use it.

Reading Apache Access Logs

To make sense of the Apache access logs, the analyst must first consider the format in which the logs are stored.

As before stated, the format and location to access the logs are specified in the directory of CustomLog. Below, we’ll look at two common log formats that are widely used for Apache access logs.

Common Log Format (CLF)

The CLF is a structured text file format for creating server log files that are used by a variety of servers of web applications. The Popular Log Format can be used with an Apache HTTP server to generate access logs that are easy to read for developers and administrators.

Several log analysis systems can easily use CLF-formatted log files. It is a structured format used by many web servers. Below written is a type of access-log record which is written in CLF:

127.0.0.1 - sccott [10/Nov/2020:13:55:35 -0700] "GET /server-status HTTP/1.1" 200 2326

Hyphen: The hyphens identify the client in the 2nd field inside the log file.

127.0.0.1: Client’s IP address.

“GET /server-status HTTP/1.1” – resource and resource type being requested by the user.

200 - HTTP OK-response (status-code);

2326 - Response of HTTP request object's size

Combined Log Format (CLF)

The CLF is another common format for Apache access logs. This format is almost the same as that of the Popular Log Format, but it includes a few more fields to provide more detail for debugging and detailed analysis. Below written is a type of access-log record which is written in CLF:

27.0.0.1 - sccott [10/Dec/2019:13:55:36 -0700] "GET /server-status HTTP/1.1" 200 2326 "http://localhost/" "Mozilla/5.1 (Win NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

As it’s observable that, starting seven fields are common from the above format we discussed, the more fields in the format are following:

"http://localhost/"

This shows the address of the client system.

"Mozilla/5.1 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

The User-Agent defines information about the browser being used by the client to access the resource.

The “CustomLog” Directive

We stated earlier that the CustomLog directive in an Apache HTTP server configuration file is used to configure Apache access logs. Here we can look at an example of the configuration of logs to see how flexible are the directives of Custom logs:

LogFormat "%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"" combined

CustomLog /var/log/apache2/access.log combined

Above, we used the directive of Log Format to define the Combined L.F., and the CustomLog directive to define the location it stored along with it defines the format (combined) for the access log in which it has to be stored.

As you can see, changing the access log’s location or format is an easy procedure. Besides, using the CustomLog directive gives us a few other advantages, which we’ll go over later.

Multiple Access Logs (MAL)

There’s nothing as such constraints that are preventing you from configuring MAL for your Apache Tomcat server. From doing so, the process which is generally followed is very simple as you need to create more directives of Custom Logs to create your personalized log file:

LogFormat "%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"" combined

LogFormat "%{User-agent}i" agent

CustomLog /var/log/apache2/access.log combined

CustomLog /var/log/apache2/agent_access.log agent

Conditional Logs

It’s also very likely to write into access logs on a conditional basis. It is useful for many purposes, such as excluding records relevant to individual clients. Setting all the environment variables and referring them to the “env” keyword is usually based on how this is accomplished.

Log Rotation & Piped Logs

Log files, like everything else on a computer, take up space. And log files, such as access logs, can quickly develop on a busy tomcat server. Consequently, it’s important to have protocols in place for transferring or removing old log files regularly. Fortunately, using graceful restarts and piped log procedures, an Apache HTTP server can do it.

An Apache Tomcat server restart works well because it restarts without losing client connections.

This kind of restart makes Apache open and overwrites new log files by not interrupting clients, permitting the processing to compress or remove before used log files to save the new ones.

On the other side, Pipe logged processes will permit log details rotation without requiring a server to restart again; for example, Apache’s HTTP tomcat server includes a program called rotate-logs.

Rather than writing to a disc, access log entries can be piped into this application. The rotate-logs software allows you to rotate logs based on time or distance conditionally.

Conclusion

We have mentioned the complete details on reviewing Apache tomcat access logs and extracting the data from various log file formats. The developers and system administrators need to know how to go through log files and get debugging skills to ensure their smooth running.

So, Apache log access is one way to dive deeper into the system using the tomcat server to debug the system and go to any timestamp and check the system’s state as per the demand.

About the author

Prateek Jangid

A passionate Linux user for personal and professional reasons, always exploring what is new in the world of Linux and sharing with my readers.