The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Easy question about Apache log files.

Discussion in 'EasyApache' started by jols, Jan 4, 2007.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I notice that three seems to be a general Apache log file here:
    /usr/local/apache/logs/access_log

    Then also the specific account Apaches logs are in here:
    /usr/local/apache/domlogs/


    So my question is this - What is the exact use of the general log here /usr/local/apache/logs/access_log ?

    Are these entries just for general access to the server IP?

    Or, does the system extract individual account/domain accesses from this file and put them in the individual logs here /usr/local/apache/domlogs/ ?

    Thanks for any help on this.
     
  2. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    /usr/local/apache/logs/access_log is explained in httpd.conf:

    Code:
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog /usr/local/apache/logs/access_log common
    
    The domlogs/* are for user specific sites, as defined in the VirtualHost entry for the domain in httpd.conf:

    Code:
    <VirtualHost x.x.x.x>
    ...
    CustomLog domlogs/domain.com combined
    </VirtualHost>
    

    Things you will see in /usr/local/apache/logs/access_log are:

    * chkservd checking the server status:
    Code:
    127.0.0.1 - - [31/Dec/2006:04:45:06 -0500] "GET /whm-server-status HTTP/1.0" 200 32466
    
    * traffic sent to IP addresses that are not defined in a VirtualHost directive (such as those in /etc/ipaddrpool). This usually consists of spammers looking for open proxies and other cruft
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Hey thanks for this. That's what I thought.

    So what would explain an giant abundance of 408 errors on this general Apache log file? For example, like miles and miles of this stuff:

    88.240.215.75 - - [06/Jan/2007:02:20:04 -0600] "-" 408 -
    80.134.96.63 - - [06/Jan/2007:02:20:10 -0600] "-" 408 -
    88.241.134.93 - - [06/Jan/2007:02:20:12 -0600] "-" 408 -
    85.101.242.187 - - [06/Jan/2007:02:20:30 -0600] "-" 408 -
    212.156.189.43 - - [06/Jan/2007:02:20:34 -0600] "-" 408 -
    85.106.224.40 - - [06/Jan/2007:02:20:43 -0600] "-" 408 -
    85.96.14.199 - - [06/Jan/2007:02:20:45 -0600] "-" 408 -
    85.106.224.40 - - [06/Jan/2007:02:20:46 -0600] "-" 408 -
    85.102.163.24 - - [06/Jan/2007:02:20:49 -0600] "-" 408 -
    88.224.173.38 - - [06/Jan/2007:02:20:52 -0600] "-" 408 -
    88.224.173.38 - - [06/Jan/2007:02:21:06 -0600] "-" 408 -
    88.239.47.130 - - [06/Jan/2007:02:21:14 -0600] "-" 408 -
    85.98.241.71 - - [06/Jan/2007:02:21:53 -0600] "-" 408 -
    85.107.239.164 - - [06/Jan/2007:02:22:01 -0600] "-" 408 -

    I know that 408s are Apache time-outs, but why? And why are they entered in this particular log?
    We get them very heavy on a couple of servers. It does not seem to matter if the load is high or low.

    Thanks again.
     
Loading...

Share This Page