Filter Apache Log by Date Using “sed” editor

[box]

Hi Linux Geeks , I am writing this article because of when I worked on web server or any site issue or unusual activity  only apache log file  is only my friend but it is very complicated to read because it have so many entry like date time activity ip,messages, userid etc.

There are so many tool  that allow us to generate reports of apache that visitors on the sites and their activity , what they are doing. Only apache log files can tell us, all activity on the site. In this section we focusing on the use of sed tools which will fetch apache log by date.

I am going to explain combined log format, which will help us to read and confortable to us for managing activity.

If we see our apache combined log, we found entries like below.

100.83.233.67- - [23/May/2004:11:00:48 +1000] "GET /robots.txt HTTP/1.0" 200 468 "-" "elbhealthcheck/2.1"

100.83.233.67- - [23/May/2004:11:0048 +1000] "GET / HTTP/1.0" 200  6433 "-" "elbhealthcheck/2.1"

LogFormat :

%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"

Where as :

%h   =  IP address of the client

%l   =  RFC 1413 identity of the client

%u   =  userid of the person

%t   =  Finish time request processing .

%r   =  Request line from the client in double quotes

%>s  =  Status code that the server sends back to the client

%b   =  Size of the object returned to the client

Refer and User agent source of request originated and those agent which have made request.

 

(1) Now going to explain grep log starting from any date until last log entry.

# sed -n '/1\/Jan\/2014/,$ p' /path/to/access_log

Above command will show lines (p) starting with 1/Jan/2014 through end of the log files ($).

 

 (2)If we need to log only by date range , assume from 1/Jan/2014 to 3/Jan/2014, this will almost same, instead of fetch last lines through the end of the file, You could try something like this :

# sed -n '/1\/Jan\/2014/,/3\/Jan\/2014/ p'

 

[/box]