Lab 08 ‐ Module 01 ‐ Apache Logging - Isaiah-River/SYS-255-02-SYSAdmin GitHub Wiki

Main Lab

Overview

This module focused on looking through the Apache logs and analyzing the results. The first step of the module involved simply using a command to pull the results of trying to connect to our Apache web server with the URLs of web01-isaiah/?test=1 and isaiah/totallyexist.html. After this, I had to do some research to make sense of the results, and I made a table showing the results of 11 different fields.

Accessing Logs

To begin I used my ad02 VM to SSH into my web01 VM with my local isaiah@web01-isaiah account.

After this I opened up my web browser on wks02, and navigated to http://web01-isaiah/?test=1, which loaded with no issue, and then navigated to http://web01-isaiah/totallyexist.html, which resulted in a "Not Found" error.

After these attempts, I used the elevated command tail -n 3 /var/log/httpd/access_log to show the recent entries in the access log file.

I then filled out a table with 11 different fields and the results from trying to connect to web01-isaiah/?test=1 and trying to connect to web01-isaiah/totallyexist.html.

Further Research

In order to make sense of the information pulled from my tail -n 3 /var/log/httpd/access_log command, I had to do some research to find out what each field is and what it means. Information pulled from Better Stack Community.

Example Combined Log output:

image

Access Logs Fields

Hostname or IP address

%h → 127.0.0.1 - This is the IP address or hostname of the client that has made the request.

Remote Log Name

%l → alice - This is the remote log name or the name used to log in a user. If this field is not in use, the placeholder value - will be used.

Remote Username

%u → Alice - This field is the username of the logged-in user. Once again, a placeholder value - will be used if not set.

Time and Date

%t → [06/May/2021:11:26:42 +0200] - The date and time of the request.

Request Method, Route, and Protocol

\"%r\" → "GET / HTTP/1.1" - The request's method, route, and protocol.

Response Code

%>s → 200 - The HTTP response status code. In this case, the response 200 indicates the request has succeeded.

Size of Response

%O → 3477 - The size of the response in bytes.

URL of the Referrer

\"%{Referer}i\" → "-" - The URL of the referrer. A placeholder value of - will be used if not set.

User Agent

\"%{User-Agent}i\" → "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36" - A whole bunch of information about the User Agent of the client that made the request.
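The nine fields above can be pulled apart programmatically. The following Python parser is an added example, not part of the original lab or the Better Stack guide; the names parse_line and failed_requests and the sample log lines (addresses, times, sizes) are constructed for illustration. It handles the - placeholder and a malformed request line, and picks out the 4xx/5xx entries such as the "Not Found" request.

```python
import re
from datetime import datetime

# One capture group per field, in the order listed above:
# %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '   # quoted, may hold escaped chars
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" '
    r'"(?P<agent>(?:[^"\\]|\\.)*)"'
)

def parse_line(line):
    """Return a dict of the logged fields, or None if the line does not match."""
    m = LINE_RE.fullmatch(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("logname", "user", "referer"):
        if rec[key] == "-":              # "-" is the placeholder for "not set"
            rec[key] = None
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # %r is "METHOD ROUTE PROTOCOL"; a malformed request may not split in three
    parts = rec["request"].split(" ")
    rec["method"], rec["route"], rec["protocol"] = (
        parts if len(parts) == 3 else (None, rec["request"], None))
    return rec

def failed_requests(lines):
    """Parsed entries whose status code is 4xx or 5xx."""
    parsed = (parse_line(l) for l in lines)
    return [r for r in parsed if r and r["status"] >= 400]

# Constructed sample lines (addresses, times and sizes are made up).
SAMPLE = [
    r'10.0.5.100 - - [23/Oct/2023:10:15:01 -0400] "GET /?test=1 HTTP/1.1" 200 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    r'10.0.5.100 - - [23/Oct/2023:10:15:09 -0400] "GET /totallyexist.html HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    r'10.0.5.100 - - [23/Oct/2023:10:16:30 -0400] "\x16\x03\x01" 400 226 "-" "-"',
]

if __name__ == "__main__":
    for r in failed_requests(SAMPLE):
        print(r["host"], r["status"], r["route"])
```
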

Works Cited

Isaiah, Ayooluwa. “How to View and Configure Apache Access & Error Logs.” Better Stack Community, betterstack.com/community/guides/logging/how-to-view-and-configure-apache-access-and-error-logs. Accessed 23 Oct. 2023.