What is recorded in Apache access log by default?

The Apache HTTP Server’s default access log tracks essential information about every incoming request processed by the server. Using the standard “Common Log Format” (CLF), it automatically records details such as the client’s IP address, the timestamp of the request, the specific HTTP method and URL requested, and the resulting server status code. Understanding these default fields is crucial for system administrators and web developers to monitor traffic, troubleshoot errors, and maintain server security.

The Anatomy of a Default Access Log Entry

When using the default Common Log Format, a typical entry in the Apache access log looks like this:

127.0.0.1 - - [15/Jun/2026:14:32:10 +0000] "GET /index.html HTTP/1.1" 200 2326

Each component of this log entry represents a specific piece of data sent during the client-server interaction:

• Client IP Address (127.0.0.1): This is the IP address of the client (browser or bot) that made the request to the server.
• RFC 1413 Identity (-): This field attempts to record the identity of the client via identd on the client machine. Because this is highly unreliable and rarely used today, Apache almost always records a hyphen placeholder here.
• User ID (-): If the requested page requires HTTP access authentication, the username provided by the client is logged here. If the page is not password-protected, it defaults to a hyphen.
• Timestamp ([15/Jun/2026:14:32:10 +0000]): The exact date, time, and time zone when the server finished processing the request.
• The Request Line ("GET /index.html HTTP/1.1"): The actual request method from the client enclosed in double quotes. It breaks down into three parts: the method used (e.g., GET, POST), the requested resource path (/index.html), and the protocol version (HTTP/1.1).
• Status Code (200): The three-digit HTTP status code that the server sends back to the client. This tells you if the request was successful (like 200 OK), redirected (like 301), or resulted in an error (like 404 Not Found or 500 Internal Server Error).
• Response Size (2326): The total size of the object returned to the client, measured in bytes. This excludes the HTTP response headers. If no content was returned, this value will be represented by a hyphen.

The Combined Log Format Alternative

While the Common Log Format is the baseline default, many standard Apache installations (such as those bundled with popular Linux distributions) pre-configure the “Combined Log Format” by default. The Combined format includes all seven elements of the Common format, but appends two additional pieces of information to the end of the log line:

• Referer Header: The URL of the page that linked the user to the current resource.
• User-Agent Header: The identification string of the client’s web browser, operating system, or scraping bot.