Monitoring traffic on Apache in Real-Time
An indepth analysis of the log files is great, but sometime you just want to see what is happening on your web sites at the moment. In this tutorial we will go over some of the ways and show you how to set them up.
Apachetop is a very useful and small program that displays the stats for Apache as they happen. It can tell you how many requests per second are coming in, what files have been accessed in the last set amount of time, and how many times. It can also show you who is hitting the sites and where they are coming from. It can be downloaded here or installed from the ports with
# cd /usr/ports/sysutils/apachetop/
# make install
This program essentially just watches the log files and constantly computes the stats. It can be set to show stats for the last set amount of time, or for the last set number of hosts. It defaults to monitoring the log at /var/log/httpd-access.log, but if you set different log files for your virtual hosts (as you should have), you will need to tell it to watch these also with the -f flag. Since apachetop doesn't seem to have a stored config file it is easiest to store the long command in a shell script.
#!/bin/sh cd /usr/local/www/logs apachetop -f lamps-access_log -f tables-access_log
Every file must have the -f flag in front of it.
If your web server gets a low number of hits you will want to use the -N flag so that it shows you more information instead of clearing hits after 30 seconds. The -N flag sets the number of hits apachetop remembers. You can also use -T to change the length of time it remembers the hits instead of dropping them after a set period of time.
# apachetop -N 180 -f lamps-access_log
The above command will show stats for hits in the last 3 minutes.
# apachetop -T 100 -f lamps-access_log
This command will have apachetop remember the last 100 hits and show the statistics for them.
Once in apachetop the program will begin displaying and calculating the stats as they come in, so at first it will be blank and not you very much. To switch between showing what files are getting hit, what hosts are accessing the web server, and where they are coming from press "d". For the help menu press with more commands press "h".
Using multitail to watch the logs
Multitail is a program which shows you the tail of several files on the screen at once and automatically scrolls them up as they are updated. Just looking at the log files continously rolling by can be confusing at first, but once you get use to it its easy to pick out important information so you can figure out what is happening on the web server. Think of it as watching the matrix, only less exciting. Multitail can be installed from the ports with
# cd /usr/ports/sysutils/multitail
# make install
With multitail you simply list the files to watch as arguments after the command, or use a * if you are going to open them all in one multitail window.
# multitail /usr/local/www/logs/*
Multitail comes with an Apache color scheme that greatly helps make them easier to read as they are scrolling by. The schemes are set in the multitail.conf file. If you have just installed multitail from the ports you will need to rename it.
# cd /usr/local/etc
# mv multitail.conf.sample multitail.conf
In this file you can change the colors and define your own color scheme if needed. To use the apache color scheme use the -cS apache flag. Here is an example by Folkert van Heusden of using multitail to monitor the logs for a web site with color.
# multitail -cS apache /usr/local/www/logs/lamps-access_log -I /usr/local/www/logs/lamps-error_log
Using the -I flag will combine both logs into the same window instead of creating two windows.