Server log files are text files that record every event on the server (requests, errors, user logins, system events). Reading and analyzing them is daily work for sysadmins. Through these files you find attacks, slow sites, and error causes.
Main log file types
Apache access log: every site request โ who, when, which URL, returned status (200, 404, 500). Location: /var/log/apache2/access.log or /home/user/access-logs/.
Apache error log: PHP and Apache errors. /var/log/apache2/error.log or /home/user/logs/error_log.
Nginx access log: similar to Apache. /var/log/nginx/access.log.
Nginx error log: /var/log/nginx/error.log.
MySQL slow log: slow queries. /var/log/mysql-slow.log (if enabled).
systemd journal: Linux system events. Access via journalctl command.
Access log format
Apache standard combined format: 192.168.1.1 - - [25/Mar/2026:10:32:15 +0500] "GET /index.php HTTP/1.1" 200 1234 "https://google.com" "Mozilla/5.0"
Reading: IP address, date and time, HTTP method and URL, status code (200 OK), size in bytes, referer (who sent them), user agent (browser).
Useful analysis commands
Find the most-requesting IPs: awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -10.
List 404 errors: grep ' 404 ' access.log | awk '{print $7}' | sort | uniq -c | sort -rn.
Today's traffic (request count): grep "$(date +'%d/%b/%Y')" access.log | wc -l.
Most-active bot: awk -F'"' '{print $6}' access.log | sort | uniq -c | sort -rn | head.
Real-time log monitoring
tail -f /var/log/apache2/access.log โ watch new entries in real time.
multitail command (install separately) โ watch multiple log files at once.
GoAccess โ terminal-based or HTML-report log analysis tool. goaccess access.log -o report.html.
Sayt.uz practice
Sayt.uz sysadmins analyze log files automatically every day โ when an anomaly appears (unexpected traffic, many 5xx errors) an alert fires. Clients can access their own log files via cPanel "Errors" or "Visitors". Tip: to spot attack patterns, check access.log once a week โ many requests to /wp-login.php signal a brute-force bot.