Log files contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information.
For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks.
Log files can be very useful when trying to troubleshoot a problem with the system, such as trying to load a kernel driver or when looking for unauthorized login attempts to the system.
This chapter discusses where to find log files, how to view log files, and what to look for in log files.
Log files track each request made to your website. They record information such as time and date of request, remote host, and the file accessed. Perhaps the most useful record it keeps is the URL of the page that referred to your website.
Please Note: Information from Log files are automatically converted by the reporting system, WEBTRENDS, into meaningful information and provided to all customers free of charge.
On even a moderately busy server, the quantity of information stored in the log files is very large. The access log file typically grows 1 MB or more per 10,000 requests. It will consequently be necessary to periodically rotate the log files by moving or deleting the existing logs.
This cannot be done while the server is running because Apache will continue writing to the old log file as long as it holds the file open. Instead, the server must be restarted after the log files are moved or deleted so that it will open new log files.
By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending connections from clients.
However, in order to accomplish this, the server must continue to write to the old log files while it finishes serving old requests. It is, therefore, necessary to wait for some time after the restart before doing any processing on the log files.
Apache httpd is capable of writing errors and accessing log files through a pipe to another process rather than directly to a file. This capability dramatically increases the flexibility of logging without adding code to the main server.
In order to write logs to a pipe, simply replace the filename with the pipe character "|," followed by the name of the executable, which should accept log entries on its standard input.
Apache will start the piped-log process when the server starts and will restart it if it crashes while the server is running.
On startup, Apache httpd saves the process id of the parent httpd process to the file logs/httpd.pid. This filename can be changed with the PIDFile directive.
The process-id is for use by the administrator in restarting and terminating the daemon by sending signals to the parent process; on Windows, use the -k command-line option instead.
In order to aid in debugging, the ScriptLgo directive allows you to record the input to and output from CGI scripts. This should only be used in testing - not for live servers.
When using the powerful and complex features of a mod-rewrite, it is almost always necessary to use the RewriteLog to help in debugging. This log file produces a detailed analysis of how the rewriting engine transforms requests.
The level of detail is controlled by the RewriteLogLevel directive.
Most log files are located in the /var/log/ directory. Some applications such as httpd and samba have a directory within /var/log/ for their log files.
You may notice multiple files in the log file directory with numbers after them. These are created when the log files are rotated. Log files are rotated, so their file sizes do not become too large.
The logrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d/ directory. By default, it is configured to rotate every week and keep four weeks' worth of previous log files.
Most log files are in plain text format. You can view them with any text editor such as Vi or Emacs. Some log files are readable by all users on the system; however, root privileges are required to read most log files.
To view system log files in an interactive, real-time application, use the Log Viewer. To start the application, go to Applications (the main menu on the panel) => System Tools => System Logs, or type the command system-log viewer at a shell prompt.
To add a log file to the list, select Edit => Preferences and click the Add button in the Log Files tab.