I am trying to find out how many times a specific web file has been accessed. I have root access to the server, but not sure where to look. The only place I have looked in is /home/FTPUSER/access-logs which is a sym link to /usr/local/apache/domlogs/perrysre and that access log only has 1 day of data in it.
Any help would be greatly appreciated.
-
Hi, all Apache logs are usually stored in :
/var/log/apache(2)/access.log
/var/log/apache(2)/error.log
/var/log/apache(2)/customs .log
a nice commande I like in order to count something :
cat /var/log/apache2/access.log | grep WORD-TO-LOOK | wc -lthen you will have a number. Let's suppose you have a FTP logs, and every time john connects, there is a line 'John opened a session'. So you will do :
cat /var/log/ftp.log | grep John opened a session | wc -lwill give you how many times did John open a session. If you want period of times,etc you could also do it
AlberT : Why don't grep directly the file avoiding cat?markdrayton : You need to quote 'John opened a session' because it contains spaces. And "grep -c 'John opened a session' /var/log/ftp.log" avoids both cat and wc!Kronick : thanks for the new trick :)From Kronick -
I think, since from your question I can't argue the system settings you are operating in, a universal way to find files used by a process can do the trick.
Try using lsof -p
<PID_OF_APACHE_DAEMON>.You can retrieve the PID in a number of ways, one can be looking at netstat -tlnop output, another is using lsof -i, and so on.
This is a POC that can work:
lsof -p $(lsof -i :80 | head -2 | tail -1 | awk '{print $2}') | grep log httpd 2618 root mem REG 253,0 64072 /usr/lib/httpd/modules/mod_logio.so (path inode=63267) httpd 2618 root mem REG 253,0 64070 /usr/lib/httpd/modules/mod_log_config.so (path inode=63265) httpd 2618 root 2w REG 253,2 1461 720904 /var/log/httpd/error_log httpd 2618 root 6w REG 253,2 1461 720904 /var/log/httpd/error_log httpd 2618 root 7w REG 253,2 4483 720899 /var/log/httpd/access_logHere I have assumed your apache daemon is listening on the standard tcp port 80 of course.
From AlberT -
If your access log contains only a day's worth of data it is presumably being rotated each day. You'll need to work out how this is configured. If you're using Linux it might be with
logrotate-- look in/etc/logrotate.d/or/etc/logrotate.confif they exist. On FreeBSD log rotation is configured in/etc/newsyslog.conf.Apache might also be doing it via rotatelogs. If so, this'll be set up in a
CustomLogline in the server configuration (httpd.conf), which could be in/etc/httpdor, more likely given your log location,/usr/local/apache/conf.If none of this works ask the person who configured it!
From markdrayton
0 comments:
Post a Comment