Understanding Apache access logs

Call Us 0800 107 7979

Service Status

Back to knowledgebase

26 July 2021

Apache access logs contain a lot of information about requests made to websites. This article looks at the information you find in the logs. In the next article I look at how to get specific information from logs.

Log format

The log format used by Apache can be customised but very few administrators do so. When you look at access log entries for your domain you almost certainly find they look something like this:

12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /wp-login.php HTTP/1.1" 404 11138 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"

Even if you have never looked at an access log before you probably understand most of the fields. The line starts with the IP address that made the request, and there is a timestamp between square brackets. After that you get the resource that was requested (“GET /wp-login.php”). You might also notice that Apache returned the status code 404 (“not found”). And, the last field shows that the request came from someone running Firefox 89 on Fedora.

Other fields are less obvious. For instance, the above example has three fields that are empty (“-“) and there is the number 11138 after the status code. Here is an overview of all the bits of information.

12.34.56.78

The IP address of the client (“remote host”).

–

The identity of the client. This field is rarely used and almost always shows a hyphen.

–

The user ID of the person who made the requests. This shows a username if you use password-protected directories (i.e. when someone needs to log in to access a resource). The field shows a hyphen if there was no login.

[20/Jul/2021:12:09:30 +0100]

The timestamp for the request. The format of the timestamps is a little awkward, as it is not so easy to process them using scripts. A timestamp in the format YYYY-MM-DD HH:MM:SS would be much easier.

“GET /wp-login.php HTTP/1.1”

This field contains three bits of information: HTTP method (such as GET or POST); the resource that was requested (/wp-login.php) and the protocol used (HTTP/1.1).

404

The status code returned to the client by Apache. In the example entry the status code is 404, which means that the wp-login.php page doesn’t exist.

11138

The number of bytes send back to the client.

“-“

The referrer for the request. This is typically the page that linked to the resource. In this case I pointed my browser straight at example.com/wp-login.php and the field is therefore empty.

“Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0”

The user agent request header. This field contains quite a bit of information. It shows that the request came from someone running Firefox 89 on Fedora Linux, and also reveals that this is a 64-bit operating system running the X11 window manager.

Confusing fields

There are three fields that might need a bit more of an explanation. The first is the user ID field (the third field). If you add password protection to a directory then your browser prompts you for a username and password when you try to access the protected area. If the login is successful then the username is shown in the third field.

The field doesn’t store other login names, such as the username of a WordPress user. However, it is used in cPanel’s access log. When you log into cPanel (or web mail) then the third field shows the login name.

Referrers

Another field worth highlighting is the referrer field. When I tried to access example.com/wp-login.php I got an error 404, as the page doesn’t exist. That was not the only request – there were a dozen or so related ones:

12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /wp-login.php HTTP/1.1" 404 11138 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /modules/system/system.base.css?qsfb62 HTTP/1.1" 200 5428 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /modules/system/system.messages.css?qsfb62 HTTP/1.1" 200 961 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /modules/user/user.css?qsfb62 HTTP/1.1" 200 1827 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /modules/system/system.menus.css?qsfb62 HTTP/1.1" 200 2035 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
12.34.56.78 - - [20/Jul/2021:12:09:30 +0100] "GET /modules/field/theme/field.css?qsfb62 HTTP/1.1" 200 550 "http://example.com/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0"
...

When I accessed wp-login.php I got a custom “page not found” page. That page downloads lots of other resources, such as style sheets. All those request have example.com/wp-login.php as the referrer, as that is the resource that triggered the requests.

The referrer can also be an external site, such as a search engine or a website that has linked to the page that was requested. So, you can use that to see what websites have linked to your website. And you probably also quickly learn about referrer spam. That is, other websites might link to your website purely to get listed in analytics tools such as Awstats. If the stats for your website are publicly available then the advertised website is effectively linked from your website, which may (or may not) improve the search engine ranking of the site.

User agents

And finally, it is worth bearing in mind that user agents can be spoofed. Apache records how a user identifies itself, but it doesn’t verify the information. So, I can tell Apache that I use ClownBrowser 0.1.0.1.0.1 on Windows 13:

12.34.56.78 - - [20/Jul/2021:13:26:07 +0100] "GET / HTTP/1.1" 200 8376 "-" "Hosanna/1.1 (Window 13; x128) ClownBrowser 0.1.0.1.0.1"

Featured Blogs

Exploring the Costs Associated With a Website

14th February 2024

By catalyst2 Team

In the digital age, getting a website is more than just a way to build an online presence, it’s a vital business investment. Not only do large retail businesses need a website, but smaller local businesses can also benefit from taking their business online. Recognising this importance, many businesses are now dedicating significant resources towards …

Read Article

The Importance of Dedicated Servers for E-Commerce Websites

26th January 2024

By catalyst2 Team

In the fast-paced world of e-commerce, having a reliable website is an essential factor in success. Whether you also have a brick-and-mortar store or solely a digital shop, ensuring your website is performing at its best can have a direct impact on your bottom line. Factors such as website uptime, ease of navigation and speed …

Read Article

Things to Consider During a Website Review

10th January 2024

By catalyst2 Team

Designing a website requires careful consideration and several reviews during the development stages to ensure everything is perfect. Once live, it can be easy to assume that no further updates are needed and your website will continue to perform well, however, this isn’t always the case. Regularly reviewing your website is essential to ensure its …

Read Article

Why You Should Be Proactive With Server Maintenance

23rd December 2023

By catalyst2 Team

More so than ever before, businesses heavily depend on their websites to improve brand awareness and attract new customers, so the importance of server maintenance shouldn’t be overlooked. Ultimately, the backbone of online business success lies in the reliability and efficiency of servers. For website owners, ensuring the seamless operation of their servers is essential …

Read Article

Improving the First Impressions of Your Website

12th December 2023

By catalyst2 Team

In the digital world, first impressions are crucial, especially when it comes to your website. It only takes a few seconds for a visitor to form an opinion about your business based on your website. This short window of time highlights the importance of ensuring your website is not only visually appealing but also fast, …

Read Article

Signs You Need a New Website Hosting Provider in 2024

6th December 2023

By catalyst2 Team

As 2024 quickly approaches, it’s an opportune time for businesses to review and evaluate the success of their online presence. The end of the year is perfect to reflect on what has worked, what hasn’t and what changes might be needed moving forward. An essential aspect of this review is your website and, in particular, …

Read Article

Managed Kubernetes; A Convenient Solution for Businesses

29th November 2023

By catalyst2 Team

Businesses are continually searching for new ways to streamline their operations and optimise their application deployment processes. Kubernetes, a powerful container orchestration platform, has become the go-to solution for managing containerised applications. Its ability to automate deployment, scaling and management of applications makes it ideal for any business currently running applications on multiple virtual machines …

Read Article

Ways to Reduce Website Bounce Rates

15th November 2023

By catalyst2 Team

When reviewing website performance and the success of digital marketing campaigns, there are several important metrics that business owners will compare. One of these metrics is the ‘bounce rate’ and a high bounce rate can be an indication that something isn’t working. Understanding what’s causing visitors to bounce off your website is key to making …

Read Article

Preparing Your E-Commerce Website for Black Friday

25th October 2023

By catalyst2 Team

Different times of the year present different challenges for retailers and e-commerce businesses. The lead-up to the holiday season is known for being busy and Black Friday, in particular, is a monumental day where shopping activity reaches a peak. With more businesses now offering Black Friday deals online for a few days or even a …

Read Article

What is UX and How to Improve Your Website

4th October 2023

By catalyst2 Team

When trying to reach a wider audience, having a good online presence is crucial. A website can help to increase brand awareness and get more people talking about your products or services. The importance of a website extends beyond brand visibility though, it will become a platform for customer engagement and business transactions. However, simply …

Read Article

What our clients say

We really rate catalyst2. We get a great response from the team… really happy with the service.

Mike Fieldhouse, realityhouse

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary

Always Enabled

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_5562310_11	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_ashkii	session	No description available.
_wicasa	3 months	No description available.
AnalyticsSyncHistory	1 month	No description
cookid	3 months	No description available.
cookietest	session	No description
crisp-client/domain-detect/1644827320973	session	No description
crisp-client/domain-detect/1644827348275	session	No description
crisp-client/domain-detect/1644827428415	session	No description
crisp-client/domain-detect/1644827479357	session	No description
crisp-client/domain-detect/1644827596454	session	No description
crisp-client/domain-detect/1644827724838	session	No description
crisp-client/domain-detect/1644827824383	session	No description
crisp-client/domain-detect/1644827878659	session	No description
crisp-client/domain-detect/1644828716243	session	No description
crisp-client/domain-detect/1644828846246	session	No description
crisp-client/domain-detect/1644829369013	session	No description
crisp-clientsession30cc6953-ebcf-4bc6-b649-c44eb446409e	6 months	No description
dbmFP	3 months	No description available.
dbmPK	3 months	No description available.
li_gc	2 years	No description