for i in emerg alert crit error warn ; do awk '$6 ~ /^\['$i'/ {print substr($0, index($0,$6)) }' error_log | sort | uniq -c | sort -n | tail -1; done

Quickly analyse an Apache error log

This searches the Apache error_log for each of the 5 most significant Apache error levels, if any are found the date is then cut from the output in order to sort then print the most common occurrence of each error.
Sample Output
  4  [emerg] (17)File exists: Couldn't create accept lock 
  20 [error] [client 1.2.3.4] File does not exist: /Welcome, referer: http://127.0.0.1/
  23 [warn] Init: Session Cache is not configured [hint: SSLSessionCache]

4
By: zlemini
2010-04-15 21:47:18

These Might Interest You

  • Simply add this to whatever apache startup script you have, or if you are on a MAC, create a new automator application. This will show a pretty growl notification whenever theres a new Apache error log entry. Useful for local development


    0
    /usr/bin/tail -fn0 /path/to/apache_error.log | while read line; do /usr/local/bin/growlnotify --title "Apache Notice" --message "$line"; done &
    jhyland87 · 2013-01-22 05:25:41 0

  • 4
    zcat access_log.*.gz | awk '{print $7}' | sort | uniq -c | sort -n | tail -n 20
    tkb · 2009-12-11 09:36:30 0
  • This uses awk to grab the IP address from each request and then sorts and summarises the top 10.


    22
    tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail
    root · 2009-01-25 21:01:52 4
  • creates associative array from apache logs, assumes "combined" log format or similar. replace awk column to suit needs. bandwidth per ip is also useful. have fun. I haven't found a more efficient way to do this as yet. sorry, FIXED TYPO: log file should obviously go after awk, which then pipes into sort.


    1
    awk '{array[$1]++}END{ for (ip in array) print array[ip] " " ip}' <path/to/apache/*.log> | sort -n
    kevinquinnyo · 2011-11-22 03:38:21 2
  • This command opens the latest, most current rotating apache access log for visual analysis and inspection. Run this command from the apache log directory. For error logs, replace access_log with error_log.


    0
    view `ls -1 access_log.* | tail -n 1`
    jimjmarion · 2009-02-06 18:38:25 3
  • credit shall fall to this for non-gzipped version: https://gist.github.com/marcanuy/a08d5f2d9c19ba621399 Show Sample Output


    1
    zcat error.log.gz | sed 's^\[.*\]^^g' | sed 's^\, referer: [^\n]*^^g' | sort | uniq -c | sort -n
    zanhsieh · 2014-09-24 05:26:24 0

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: