Apache Assignment - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Conduct an experiment similar to the one below, where the first search, http://web01-yourname/?test=1 (this will be successful and easy to find in the logs), is followed by an HTTP request to a non-existent resource, http://web01-yourname/totallyexist.html.
Deliverable 1. Provide a similar screenshot to the one below:
Deliverable 2. Research the Apache Logging Format. For each of YOUR log entries that reflect the first successful (?test) and then an unsuccessful URL (totallyexist.html) attempts, fill out a table similar to the one below.
Here are the logs
/?test=1 access log
10.0.5.150 - - [23/Oct/2023:10:56:43 -0400] "GET /?test=1 HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
/totallyexist.html error log
10.0.5.150 - - [23/Oct/2023:13:42:27 -0400] "GET /totallyexist.html HTTP/1.1" 404 215 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
Research
Apache Logging basics
The Apache Log records events handled by the Apache Web server, including requests from other computers, responses sent by Apache, and actions internal to the Apache server.
Access Log
The access log contains information about requests coming into the web server. This information can include:
- what pages people are viewing
- success status of requests
- how long the server took to respond
Here is an example of an Apache access log:
10.185.248.71
- This is the IP address of the client that made the request
[09/Jan/2015:19:12:06 +0000]
- This is the timestamp indicating when the request was made
808840
- This is the response time in microseconds, showing how long it took the server to process the request and generate the response.
GET /inventoryService/inventory/purchaseItem?userId=20253471&itemId=23434300 HTTP/1.1
- This is the HTTP request line.
- It contains:
  - the HTTP method (GET)
  - the requested URL path ("/inventoryService/inventory/purchaseItem?userId=20253471&itemId=23434300")
  - the HTTP protocol version (HTTP/1.1)
500
- This is the HTTP status code returned by the server.
- Normally 500 indicates an internal server error
17
- This is the size of the response in bytes
Apache-HttpClient/4.2.6 (java 1.5)
- This is the User-Agent header sent by the client which provides information about the client's software and version.
Error Log
The Error log contains information about errors the web server encountered when processing requests, such as missing files. It can also include diagnostic information about the server itself.
Here is an example of an Apache error log:
[Thu Mar 13 19:04:13 2014]
- This part indicates the timestamp when the error occurred
[error]
- This part indicates the log level or log type
[client 50.0.134.125]
- This part provides information about the client that triggered the error
File does not exist:
- This part of the log is a message/description of the error
/var/www/favicon.ico
- This part indicates the path to the file or resource that the client was trying to access but couldn't find
Log Locations
By default, Apache stores access and error logs in separate files on the server (the location depends on your OS).
LogLevel Directive
The LogLevel directive determines the minimum severity level of events logged to a specific destination. The severity level represents how important the event is and can range from:
emerg
- Logs emergency messages.
- These are the most critical messages, indicating that the server is in serious trouble.
alert
- Logs alert messages.
- These indicate conditions that should be corrected immediately such as when the server is unable to continue reading.
crit
- Logs critical messages.
- These are critical conditions that typically require immediate attention
error
- Logs error messages.
- These are significant problems but are less severe than critical conditions.
warn
- Logs warning messages.
- These are warnings or situations that may not be errors but should be reviewed
notice
- Logs notice messages
- These are events that are noteworthy but not necessarily problematic.
info
- Logs informational messages
- These messages provide general information about the server's operations
debug
- Logs debug messages
- These are detailed debugging messages and are typically used for troubleshooting and development purposes.
LogFormat Directive
Controls the layout and formatting of log events. Apache uses Common Log Format (CLF) by default, but you can change the fields in a log if you like.
Log Format Fields
There are 11 Log fields that provide information in an Apache log entry:
Client IP Address
- This is the IP address of the client that made the request
Remote User Identity or Remote User
- The username of the user who made the HTTP request to the server
- Used to record the authenticated user's identity when HTTP authentication is in place
- In practice Remote User is not often used/not available.
- The Remote User Identity below is represented with a hyphen -
Authenticated User Identity
- Represents the remote user's identity
- Is not often used/not available
- Represented with a hyphen -
Timestamp
- Indicates when the request was made
- Includes the day of the week, month, day of the month, time and timezone (-0400)
Request Line
- This includes the request method i.e (HTTP, GET, POST)
Status Code
- Indicates the result of the server's processing of the request
- For example, 404 means Not Found, meaning that the requested resource was not found on the server.
Response Size
- Indicates the size of the response in bytes
- the length of the content sent by the server in response to the request
Referer
- Indicates the URL of the page that referred the client to the current page.
- Represented by a hyphen - when the field is not present
User-Agent
- A string sent by the client's browser or application
- Typically identifies the client's software, version, and platform
- Provides info about the client's browser and OS.
Forwarded For
- An optional field that may indicate the original client's IP address when requests are made through proxy servers.
Server Name
- Represents the hostname or IP addresses of the server that received the request
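The field breakdown above, applied to the two entries recorded on this page, as an added example that is not part of the original journal. It assumes Apache's standard "combined" LogFormat, which both entries match and which does not carry the Forwarded For or Server Name fields; the names `parse_entry` and `failed_requests` are illustrative.

```python
import re
from datetime import datetime

# Apache "combined" layout: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields may contain backslash-escaped quotes, so match them explicitly.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED + r'$'
)
FIELDS = ("client_ip", "ident", "auth_user", "timestamp", "request",
          "status", "size", "referer", "user_agent")

# The two entries recorded on this page.
SAMPLE = [
    '10.0.5.150 - - [23/Oct/2023:10:56:43 -0400] "GET /?test=1 HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"',
    '10.0.5.150 - - [23/Oct/2023:13:42:27 -0400] "GET /totallyexist.html HTTP/1.1" 404 215 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"',
]

def parse_entry(line):
    """Split one combined-format line into named fields; None if it does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    f = dict(zip(FIELDS, m.groups()))
    for key in ("ident", "auth_user", "referer"):
        if f[key] == "-":            # a hyphen means the field was not present
            f[key] = None
    f["status"] = int(f["status"])
    f["size"] = 0 if f["size"] == "-" else int(f["size"])   # "-" = no body sent
    f["timestamp"] = datetime.strptime(f["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    # The request line is "METHOD PATH PROTOCOL"; malformed requests may not split in three.
    parts = f["request"].split(" ")
    f["method"], f["path"], f["protocol"] = parts if len(parts) == 3 else (None, f["request"], None)
    return f

def failed_requests(lines):
    """Return (client_ip, path, status) for each parsed entry with a 4xx/5xx status."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry and entry["status"] >= 400:
            hits.append((entry["client_ip"], entry["path"], entry["status"]))
    return hits

if __name__ == "__main__":
    for entry in map(parse_entry, SAMPLE):
        print(entry["timestamp"].isoformat(), entry["method"], entry["path"], entry["status"], entry["size"])
    print("failed:", failed_requests(SAMPLE))
```

Lines that do not match the layout return `None` rather than raising, so a truncated or custom-format entry is skipped instead of stopping the run.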
Final table for the assignment
Links used: