Easy question about Apache log files.

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
I notice that three seems to be a general Apache log file here:
/usr/local/apache/logs/access_log

Then also the specific account Apaches logs are in here:
/usr/local/apache/domlogs/


So my question is this - What is the exact use of the general log here /usr/local/apache/logs/access_log ?

Are these entries just for general access to the server IP?

Or, does the system extract individual account/domain accesses from this file and put them in the individual logs here /usr/local/apache/domlogs/ ?

Thanks for any help on this.
 

jpetersen

Well-Known Member
Dec 31, 2006
113
4
168
/usr/local/apache/logs/access_log is explained in httpd.conf:

Code:
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here.  Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog /usr/local/apache/logs/access_log common
The domlogs/* are for user specific sites, as defined in the VirtualHost entry for the domain in httpd.conf:

Code:
<VirtualHost x.x.x.x>
...
CustomLog domlogs/domain.com combined
</VirtualHost>

Things you will see in /usr/local/apache/logs/access_log are:

* chkservd checking the server status:
Code:
127.0.0.1 - - [31/Dec/2006:04:45:06 -0500] "GET /whm-server-status HTTP/1.0" 200 32466
* traffic sent to IP addresses that are not defined in a VirtualHost directive (such as those in /etc/ipaddrpool). This usually consists of spammers looking for open proxies and other cruft
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Hey thanks for this. That's what I thought.

So what would explain an giant abundance of 408 errors on this general Apache log file? For example, like miles and miles of this stuff:

88.240.215.75 - - [06/Jan/2007:02:20:04 -0600] "-" 408 -
80.134.96.63 - - [06/Jan/2007:02:20:10 -0600] "-" 408 -
88.241.134.93 - - [06/Jan/2007:02:20:12 -0600] "-" 408 -
85.101.242.187 - - [06/Jan/2007:02:20:30 -0600] "-" 408 -
212.156.189.43 - - [06/Jan/2007:02:20:34 -0600] "-" 408 -
85.106.224.40 - - [06/Jan/2007:02:20:43 -0600] "-" 408 -
85.96.14.199 - - [06/Jan/2007:02:20:45 -0600] "-" 408 -
85.106.224.40 - - [06/Jan/2007:02:20:46 -0600] "-" 408 -
85.102.163.24 - - [06/Jan/2007:02:20:49 -0600] "-" 408 -
88.224.173.38 - - [06/Jan/2007:02:20:52 -0600] "-" 408 -
88.224.173.38 - - [06/Jan/2007:02:21:06 -0600] "-" 408 -
88.239.47.130 - - [06/Jan/2007:02:21:14 -0600] "-" 408 -
85.98.241.71 - - [06/Jan/2007:02:21:53 -0600] "-" 408 -
85.107.239.164 - - [06/Jan/2007:02:22:01 -0600] "-" 408 -

I know that 408s are Apache time-outs, but why? And why are they entered in this particular log?
We get them very heavy on a couple of servers. It does not seem to matter if the load is high or low.

Thanks again.