Thursday, 20 September 2018

Viewing live Apache logs with tail, grep and egrep

There are times you may need to monitor what's happening on an Apache web server as is happens. This can be done from the command line using a combination of the tail command, which outputs the last part of a file, and grep or egrep which are used for regular expression pattern matching.

Viewing everything

If the log file to view is at /var/log/apache/myvirtualhost.log the first command below will show the last few lines from the file and then continue to echo to the command line as new lines are entered into the log file i.e. as additional requests are made to the web server.
tail -f /var/log/apache/myvirtualhost.log
The -f flag is what makes the tail command output additional data as it is appended to the log.

Viewing everything from a specific IP address

Tail can be combined with grep to pattern match. To filter the results to only show requests for a specific IP address (in this example 192.168.206.1) pipe the output from tail through grep like so:
tail -f /var/log/apache/myvirtualhost.log | grep 192.168.206.1
This can be useful to only show results from your own requests.
Note that the above example would also match e.g. 192.168.206.10 etc and that dots will match any character not just the period divider; if this is a concern then escape the dots with \ and put the IP address in brackets with a space after the last digit in the IP address like this:
tail -f /var/log/apache/myvirtualhost.log | grep "192\.168\.206\.1 "

Viewing everything excluding a specific IP address

Adding the -v flag to grep excludes the pattern. If you want to exclude requests from your own IP address but show everything else this can be useful:
tail -f /var/log/apache/myvirtualhost.log | grep -v "192\.168\.206\.1 "

Including particular file types only

If you only want to watch for requests for a particular file type, or even a particular file then use the same concept as grepping for the IP address. For example to show only jpg files:
tail -f /var/log/apache/myvirtualhost.log | grep .jpg
And to match a specific file, for example the robots.txt file if perhaps you are looking out for when a search engine bot hits the site:
tail -f /var/log/apache/myvirtualhost.log | grep robots.txt

Excluding particular file types

To show only webpages can be problematic especially if there is no common extension for the files being served, and some might end with / whereas other might end with .html, or there might be query strings at the end of the URL which present issues with pattern matching.
A possible solution is instead to exclude everything that's not a webpage. Multiple exclusions can be entered by separating them with the pipe | character when using egrep instead of grep. To exclude several common file extensions and show hopefully just web pages do this:
tail -f /var/log/apache/myvirtualhost.log | egrep -v "(.gif|.jpg|.png|.swf|.ico|.txt|.xml|.css|.js|.rss)"
Note that because the regular expression contains the pipe character the expression must be contained within quotes. You can adjust the above list of extensions to suit your own conditions.

Related posts:

0 comments:

Post a Comment