Excellent Apache Log Analyser & Monitor

July 23, 2009 by Doug

I’ve been looking up hill and down dale for a good (Python-based – fanboy!! Woo!!) log analyser and monitor for Apache.

It looks like I’ve found one – and awesome it is too!

wtop is by far the best I’ve come across of the options available, and I’m not just saying that because it’s Python-based. It formats its output nicely based on a variety of rules you give it.

I plan on using it to monitor when certain IPs access my server, then hooking it up to an SMS API to text me when it happens. You can use it for monitoring dodgy behaviour such as accesses to PayPal folders.

Some important points though:

  1. Make sure your log format is configured properly. You need to add the %D option which the default “combined” format doesn’t have.
  2. After changing the formats and making sure the wtop config matches your new Apache log format, you may need to delete or archive your old ‘badly’ formatted logs, as wtop won’t cope well with the new/old format mix.
  3. Install it – don’t think it’ll work straight off the bat.
  4. Read the instructions.
  5. To make sure you’ve got it working, run a very basic command with it that does no filtering:
    logrep -o 'class,max(bytes),avg(msec)' access.log
  6. More info on using logrep for monitoring your Apache logs is here.
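
A quick way to check whether a log mixes the old and new formats (point 2 above) before pointing wtop at it. This is an added example, not code from the original post or from the wtop project; it assumes %D was appended to the end of the standard "combined" format, and the sample lines are constructed.

```python
import re

# Apache "combined" line, optionally followed by a trailing %D value
# (time taken to serve the request, in microseconds).
# Assumption: %D was appended as the last field of the format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
    r'(?: (?P<usec>\d+))?$'
)

def classify(line):
    """Return 'new' (has %D), 'old' (plain combined) or 'bad' (neither)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return "bad"
    return "new" if m.group("usec") is not None else "old"

def split_log(lines):
    """Partition lines by format and report the first line number with %D."""
    parts = {"old": [], "new": [], "bad": []}
    first_new = None
    for lineno, line in enumerate(lines, 1):
        kind = classify(line)
        parts[kind].append(line)
        if kind == "new" and first_new is None:
            first_new = lineno
    return parts, first_new

# Constructed sample lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [23/Jul/2009:10:00:01 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [23/Jul/2009:10:00:07 +0100] "GET /missing HTTP/1.1" 404 312 "-" "curl/7.19"',
    '192.0.2.10 - - [23/Jul/2009:11:30:00 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 48213',
    'truncated line with no structure',
    # Apache escapes a double quote inside the request as \" in the log.
    '198.51.100.4 - - [23/Jul/2009:11:30:02 +0100] "GET /a\\"b HTTP/1.1" 200 - "-" "x" 901',
]

if __name__ == "__main__":
    parts, first_new = split_log(SAMPLE)
    print({k: len(v) for k, v in parts.items()}, "first %D line:", first_new)
```

Lines classified as "old" are the ones to archive separately; "bad" lines are worth a manual look, since they match neither format.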

Some More Examples…

  • Show all 404 page errors in log with a count:
    logrep -m grep -o 'status,count(*),url' -f 'status=404' access.log
  • Show visits of a certain IP to the homepage of the site:
    logrep -f 'ip~192.29.29,class=home' -o hour,minute,ip,url access.log