In a DevOps development methodology the monitoring of resources in production is essential. It not only alerts the team to potential issues, but also ensures resources are being used effectively. Continuous analysis of your server can provide insightful information that can be used to improve your hosting configuration as well as your placement in search engines. More in-depth analytics can help you assess the design of your site, the flow-through of users, and the traction of marketing campaigns.
Internal monitoring reads the log output of all the daemons to look for potential issues. Although monitoring for intruders is one way to use logs (as described in Chapter 16), other applications include watching for high disk usage, memory swap, or traffic bursts. When monitoring detects an unusual pattern, the system administrator can be notified by email and respond in a timely manner, perhaps before anyone even notices.
Webserver directives determine what information goes into the WWW logs. Everything in the logs can be analyzed later, but you want to balance that with what’s needed, since too much logging can slow down the server. While logging is important, it can be disabled to achieve higher efficiency.
Although Apache and NginX provide some good default logging options, they also allow you to override what’s logged by configuring custom log types. Apache’s LogFormat directive takes a format string built from entries such as those below.
%a outputs the remote IP address.
%b is the size of the response in bytes.
%f is the filename.
%h is the remote host.
%m is the request method.
%q is the query string.
%T is the time it took to process the request (in seconds).
In Listing 17.7 a string defining the nickname common captures the remote host, identity, remote user, time, first line of request (GET), status code, and response size. An advanced configuration saves additional headers like referrer and user-agent under the nickname combined. These two nicknames are included by default in Apache and NginX. An example of the two formats is shown with sample output in Listing 17.7.
# "%h %l %u %t \"%r\" %>s %b" //common
24.114.40.54 - - [04/Aug/2020:16:38:22 +0000] "GET /css1.css HTTP/1.1" 500 635
# "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" //combined
24.114.40.54 - - [04/Aug/2020:16:38:22 +0000] "GET /css1.css HTTP/1.1" 500 635 "http://funwebdev.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_4 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B350 Safari/8536.25"
For a complete list of flags, check out the mod_log_config documentation for Apache and ngx_http_log_module for NginX. [16]
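As an added example (not from the original text or from the Apache project), the following Python code parses lines in the common and combined formats of Listing 17.7 and counts 5xx responses per remote host, the kind of pattern internal monitoring watches for. The function names and the constructed sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches Apache "common" and "combined" lines as defined in Listing 17.7:
# %h %l %u %t "%r" %>s %b ["%{Referer}i" "%{User-agent}i"]
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not common/combined."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # %b logs "-" when no body was sent; treat that as zero bytes.
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # The request line is client-controlled and may be malformed: split defensively.
    parts = rec["request"].split()
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    return rec

def summarize(lines):
    """Count 5xx responses per remote host; also return bytes sent and bad lines."""
    errors, rejected, total_bytes = Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)  # keep unparsable input visible, do not drop it
            continue
        total_bytes += rec["size"]
        if rec["status"] >= 500:
            errors[rec["host"]] += 1
    return errors, total_bytes, rejected

# Constructed sample: the first two lines are adapted from Listing 17.7
# (user agent shortened); the last two are invented for this example.
SAMPLE = [
    '24.114.40.54 - - [04/Aug/2020:16:38:22 +0000] "GET /css1.css HTTP/1.1" 500 635',
    '24.114.40.54 - - [04/Aug/2020:16:38:22 +0000] "GET /css1.css HTTP/1.1" 500 635 '
    '"http://funwebdev.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_4 like Mac OS X)"',
    '203.0.113.9 - - [04/Aug/2020:16:39:01 +0000] "GET /index.php HTTP/1.1" 304 -',
    'not a log line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The referrer, user-agent, and request fields are supplied by the client, so treat them as untrusted data when displaying or storing the parsed values.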
If no maintenance of your log files is ever done, the logs keep accumulating and the files grow until they eventually start to impact performance or even use up all the space on the system. At about 1 MB per 10,000 requests, even a moderately busy server can generate a lot of data rather quickly.
Being aware of log file management is essential, but often you can ignore the details, since the defaults work for most situations. However, if your employer requires that log files be retained beyond what is done by default or you want to fine-tune your server’s performance, you will appreciate the ability to change the rotation policies.
There are several mechanisms that can handle log rotation, so that logs are periodically moved and deleted. [17] logrotate is the daemon running on most systems by default to handle this task. For now, you might see evidence of log rotation as multiple versions of files in your log directory, as seen in Listing 17.8.
total 6.2M
-rw-r--r-- 1 root root 2.0M Jul 14 03:21 access_log-19130714
-rw-r--r-- 1 root root 1.3M Jul 21 03:29 access_log-19130721
-rw-r--r-- 1 root root 1.1M Jul 28 03:33 access_log-19130728
-rw-r--r-- 1 root root 1.7M Aug 4 03:25 access_log-19130804
-rw-r--r-- 1 root root 69K Aug 4 21:07 access_log
External monitoring is installed off the server and checks that connections to required services are open. Monitoring software like Nagios, illustrated back in Chapter 16, is part of a good security and administration policy. It can check for uptime and immediately notify the administrator if a service goes down. Much like internal logs, external monitoring logs can be used to generate uptime reports and other visual summaries of your server. These summaries can help you determine if the host is performing adequately in the longer term.