Apache webserver logs are located in the logs catalogue. Secure HTTPS connection logs are located in apache.ssl.access.log file.
Here is an example of a log line:
example.com 2021-03-08T13:58:23.209048Z 1.2.3.4 12345 - user1 "GET / HTTP/2" 200 3390 "https://example.com/referer" "ApacheBench/2.3" 1621846 (064FD630-5.001)
Description of log line elements:
| example.com | Request target Domain/Host |
| 2021-03-08T13:58:23.209048Z | START Time of request in UTC |
| 1.2.3.4 | Requester’s IP address |
| 12345 | Request’s Port of origin . If Port is 0, the request was made through a trustworthy proxy (like Cloudflare) |
| – | Identd legacy, it is always -. |
| user1 | HTTP Basic Auth username. If Basic Auth is not used, - is displayed. |
| “GET / HTTP/2” | Request originating from clientGET is request method/ is request methodHTTP/2 is request’s protocol |
| 200 | Request response code returned from server.1xx response codes are informative.2xx codes are notifications of successful responses.3xx codes are forwards.4xx codes are errors from client.5xx codes are errors from server. |
| 3390 | Request response size in bytes. |
| “https://example.com/referer” | Referrer is the referral address from which the request was made |
| “ApacheBench/2.3” | The web browser or application that performed the request. |
| 1621846 | Time in microseconds, how long it took the web server to respond to the request. |
| (064FD630-5.001) | 064FD630 is PHP-ZFPM identificator. After the hyphen is the time in seconds (5.001s), how long it took PHP to process the request. If brackets contain ---, then it was not a PHP request. |