- Introduction to Logging in Apache
- Default Apache Log Files
- Creating Log Formats
- Creating a Custom Log File
- Redirecting Logs to an External Program
- Logging Requests Conditionally
- Monitoring Who Is Linking to Your Website
- Monitoring Apache with mod_status
- Monitoring Apache with SNMP
- Analyzing Your Logs with Open-source Tools
- Monitoring Your Logs in Real Time
- Logging Requests to a Database
- Rotating and Archiving Logs
- Controlling IP Address Resolution
- Processing Logged IP Addresses
- Restarting Apache Automatically If It Fails
- Merging and Splitting Log Files
- Keeping Separate Logs for Each Virtual Host
- Common Log Entries
Common Log Entries
In addition to the information provided in Chapter 2, this section describes a number of log entries for some common errors that you may find when you review your log files. You can safely ignore most of them.
File favicon.ico Not Found
Most recent web browsers support displaying a custom icon next to the browser's location bar or when storing a bookmark. To do so, the browser requests a specific file from the website (favicon.ico). If this file is not present, you will get this error. You can learn more about how to provide this icon in your website in Chapter 1.
File robots.txt Not Found
The robots.txt file is a file requested by certain programs, such as automatic downloaders and web crawlers, when accessing your website. These are programs that scan websites, recursively following and downloading any links that they find. They are usually associated with search engines, and their main purpose is to store and index the retrieved contents. If the robots.txt file is not present, you will get this error.
On Unix systems, the httpd.pid file contains the PID (process id) for the Apache process currently running. It is created when Apache starts and deleted when it shuts down. When Apache does not have a clean shutdown, for example because the server had to be killed manually or the machine crashed, the file will not be deleted. In this case, it will still be present the next time the server starts, giving this error.
Long, Strange Requests
You may find strange requests such as the following in your error log:
"SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02 ..." "GET /scripts/..%252f../winnt/system32/cmd.exe?/ c+dir HTTP/1.0..." "GET /default.ida?NNNNNNN NNNNNNNNNNNNNNNNNN ..."
Or requests for executable files that do not exist in your website, such as cmd.exe, root.exe, dir, and so on.
There are log entries that result from automated attempts to exploit vulnerabilities in web servers. Luckily, most of them are generated by worms or other malicious applications specific to Microsoft Internet Information Server on Windows, and Apache is not affected. However, from time to time, flaws are discovered in Apache that could leave it vulnerable to remote attacks. For this reason, you should always keep your Apache server up to date, as described in Chapter 6.