Split large apache log file into the past day

apache-2.2log-fileslogging

I have a 3GB log file, I need to extract the past 48 hours without downloading the entire 3GB file. How can I split the file up into the past 48 hours. So I can only download that single file?

I have full SSH access and I'm able to install additional tools.

Best Answer

Assuming you have shell access to the server with the log file, try

egrep '2[789]/Sep/2011' logfile.big > /tmp/logfile.small

That will go back to the beginning of the 27th, which is a little over 48 hours, but I would expect that to be much smaller than the whole file, and it's quick to do. Don't forget to gzip the resulting file before you transfer it, that will speed things up even more.

Related Solutions

“Catch-All” access log with Apache Virtual Hosts

See http://httpd.apache.org/docs/2.2/logs.html#virtualhost

If CustomLog or ErrorLog directives are placed inside a section, all requests or errors for that virtual host will be logged only to the specified file. Any virtual host which does not have logging directives will still have its requests sent to the main server logs.

In other words, if you place Logging directives within a VirtualHost section, it will override the Logging directives within the main server configuration. If you want to log to a single logfile, then remove the log configuration from your VirtualHost sections.

For simplicity, I prefer to log all Access data to a single logfile. Later, you can process the logs and split the logfiles into logfiles for the Virtual Hosts. Also, writing to a single logfile is a more efficient use of computer resources then writing to 30 logfiles at once. Just make sure your LogFormat includes the '%v', which will log the name of the Virtual Host.

Is it possible to have ALL accesses and errors duplicated to a shared logfile?

You can log all errors and access to a shared logfile, but the logfile is ugly. First, send the Apache log data to syslog, and then use syslog to send to a local file or a remote log server.

# Send access logs to syslog
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "|/usr/bin/logger -t httpd -i -p local7.notice" combined
# Send error logs to syslog
ErrorLog syslog:local7

And then in /etc/syslog.conf

# Send all HTTP log data to this file
local7.*        /var/log/http-all.log

Different Apache log file for each subdomain

You just specify ErrorLog and CustomLog within each VirtualHost directive. With that in mind, you would not be able to use ServerAlias and have separate log files for each host via normal performance without specifying separate VirtualHost.

However, you could pipe the log through a script, and have the script make the separate files. Look at the piped logging documentation.

You could also use a post processing script, such as utilizing grep to parse out the logs. A post processing script could be specified in the nightly logrotate under the postrotate or preprotate sections.

Apache 2.2 Piped Logging

Best Answer

Related Solutions

“Catch-All” access log with Apache Virtual Hosts

Different Apache log file for each subdomain

Related Topic