Easy question about Apache log files.

J

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
I notice that three seems to be a general Apache log file here:
/usr/local/apache/logs/access_log

Then also the specific account Apaches logs are in here:
/usr/local/apache/domlogs/


So my question is this - What is the exact use of the general log here /usr/local/apache/logs/access_log ?

Are these entries just for general access to the server IP?

Or, does the system extract individual account/domain accesses from this file and put them in the individual logs here /usr/local/apache/domlogs/ ?

Thanks for any help on this.
 
J

jpetersen

Well-Known Member
Dec 31, 2006
113
5
168
/usr/local/apache/logs/access_log is explained in httpd.conf:

Code: 
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here.  Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog /usr/local/apache/logs/access_log common
The domlogs/* are for user specific sites, as defined in the VirtualHost entry for the domain in httpd.conf:

Code: 
<VirtualHost x.x.x.x>
...
CustomLog domlogs/domain.com combined
</VirtualHost>

Things you will see in /usr/local/apache/logs/access_log are:

* chkservd checking the server status:
Code: 
127.0.0.1 - - [31/Dec/2006:04:45:06 -0500] "GET /whm-server-status HTTP/1.0" 200 32466
* traffic sent to IP addresses that are not defined in a VirtualHost directive (such as those in /etc/ipaddrpool). This usually consists of spammers looking for open proxies and other cruft
 
J

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Hey thanks for this. That's what I thought.

So what would explain an giant abundance of 408 errors on this general Apache log file? For example, like miles and miles of this stuff:

88.240.215.75 - - [06/Jan/2007:02:20:04 -0600] "-" 408 -
80.134.96.63 - - [06/Jan/2007:02:20:10 -0600] "-" 408 -
88.241.134.93 - - [06/Jan/2007:02:20:12 -0600] "-" 408 -
85.101.242.187 - - [06/Jan/2007:02:20:30 -0600] "-" 408 -
212.156.189.43 - - [06/Jan/2007:02:20:34 -0600] "-" 408 -
85.106.224.40 - - [06/Jan/2007:02:20:43 -0600] "-" 408 -
85.96.14.199 - - [06/Jan/2007:02:20:45 -0600] "-" 408 -
85.106.224.40 - - [06/Jan/2007:02:20:46 -0600] "-" 408 -
85.102.163.24 - - [06/Jan/2007:02:20:49 -0600] "-" 408 -
88.224.173.38 - - [06/Jan/2007:02:20:52 -0600] "-" 408 -
88.224.173.38 - - [06/Jan/2007:02:21:06 -0600] "-" 408 -
88.239.47.130 - - [06/Jan/2007:02:21:14 -0600] "-" 408 -
85.98.241.71 - - [06/Jan/2007:02:21:53 -0600] "-" 408 -
85.107.239.164 - - [06/Jan/2007:02:22:01 -0600] "-" 408 -

I know that 408s are Apache time-outs, but why? And why are they entered in this particular log?
We get them very heavy on a couple of servers. It does not seem to matter if the load is high or low.

Thanks again.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C OpenSSL question re: EasyApache 4 Nov 20 Release Web Servers and Applications 4
K Upgrade to Easyapache 4 question Web Servers and Applications 3
V SOLVED EasyApache 4 security question Web Servers and Applications 2
I EasyApache4 and template question Web Servers and Applications 3
vlee EasyApache 4 Questions Web Servers and Applications 21
Similar threads
OpenSSL question re: EasyApache 4 Nov 20 Release
Upgrade to Easyapache 4 question
SOLVED EasyApache 4 security question
EasyApache4 and template question
EasyApache 4 Questions
Top Bottom