Filter Apache Log by Date Using “sed” editor

Here is this article when I worked on a web server or any site issue or unusual activity only the Apache log file is only my friend but it is very complicated to read because it has so many entries like date time activity ip, messages, user id, etc. There are so many tools that allow us to generate reports of Apache that visitors on the sites and their activity, what they are doing. Only Apache log files can tell us, all activity on the site. In this section, we focus on the use of sed tools which will fetch Apache logs by date.I am going to explain the combined log format, which will help us to read and be comfortable to use for managing activity. If we see our Apache combined log, we found entries like below.

100.83.233.67- - [23/May/2004:11:00:48 +1000] "GET /robots.txt HTTP/1.0" 200 468 "-" "elbhealthcheck/2.1"

100.83.233.67- - [23/May/2004:11:0048 +1000] "GET / HTTP/1.0" 200 6433 "-" "elbhealthcheck/2.1"

LogFormat :

%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"

Whereas :

%h   =  IP address of the client

%l   =  RFC 1413 identity of the client

%u   =  user-id of the person

%t   =  Finish time request processing.

%r   =  request line from the client in double quotes

%>s  =  status code that the server sends back to the client

%b   =  Size of the object returned to the client

Refer to and User agent source of the request originated and those agents who have made the request.

(1) Now going to explain grep log starting from any date until the last log entry.

# sed -n '/1\/Jan\/2014/,$ p' /path/to/access_log

The above command will show lines (p) starting with 1/Jan/2014 through end of the log files ($)

(2)If we need to log only by date range, assume from 1/Jan/2014 to 3/Jan/2014, this will be almost the same, instead of fetching the last lines through the end of the file, You could try something like this .

# sed -n '/1\/Jan\/2014/,/3\/Jan\/2014/ p'