How to optimize access log performance in Apache
Access logging can become a measurable part of request cost on busy Apache hosts because every request still has to be formatted, filtered, and written before the transaction is fully out of the worker's path. Trimming log volume and log line width reduces disk churn, lowers CPU spent on formatting, and keeps high-frequency endpoints such as probes and static assets from dominating the access log.
Apache writes access logs through mod_log_config, mainly with LogFormat and CustomLog. Performance usually improves most by logging fewer fields, keeping HostnameLookups off so reverse DNS does not run per request, and excluding low-value traffic with environment-variable conditions instead of sending every hit through the same verbose format.
Examples below use the Debian and Ubuntu layout with /etc/apache2/, /var/log/apache2/, and the apache2 service name. RHEL-family systems usually use /etc/httpd/, /var/log/httpd/, and the httpd service name instead. HostnameLookups Off remains the right default for busy sites, but hostname-based Require rules can still trigger DNS work for access control, and BufferedLogs should be enabled only after the lighter format is verified because buffered writes can delay what appears in tail and can lose the newest entries after a crash.
Steps to optimize Apache access log performance:
- Locate the active access-log directives before changing anything.
$ sudo grep -R --line-number --extended-regexp '^[[:space:]]*(CustomLog|LogFormat|HostnameLookups|BufferedLogs)' /etc/apache2 /etc/apache2/sites-enabled/000-default.conf:21: CustomLog ${APACHE_LOG_DIR}/access.log combined /etc/apache2/sites-available/000-default.conf:21: CustomLog ${APACHE_LOG_DIR}/access.log combined /etc/apache2/sites-available/default-ssl.conf:13: CustomLog ${APACHE_LOG_DIR}/access.log combined /etc/apache2/conf-available/other-vhosts-access-log.conf:2:CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined /etc/apache2/conf-enabled/other-vhosts-access-log.conf:2:CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined /etc/apache2/apache2.conf:126:HostnameLookups Off /etc/apache2/apache2.conf:212:LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined /etc/apache2/apache2.conf:213:LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined /etc/apache2/apache2.conf:214:LogFormat "%h %l %u %t \"%r\" %>s %O" common /etc/apache2/apache2.conf:215:LogFormat "%{Referer}i -> %U" referer /etc/apache2/apache2.conf:216:LogFormat "%{User-agent}i" agentOn RHEL-family systems, search /etc/httpd/ instead of /etc/apache2/.
- Back up both the active virtual-host file and the main Apache configuration before editing them.
$ sudo cp -a /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.bak $ sudo cp -a /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
Use the file paths returned by the previous grep when the active CustomLog lives in a different include or virtual-host file.
- Confirm that HostnameLookups is still disabled.
$ sudo grep -n '^[[:space:]]*HostnameLookups' /etc/apache2/apache2.conf 126:HostnameLookups Off
Apache 2.4 defaults HostnameLookups to Off, and heavily loaded sites should leave it there. If hostnames are needed later, run logresolve on saved IP addresses offline instead of forcing reverse DNS into every request.
- Add a lighter log-format nickname near the existing LogFormat lines in /etc/apache2/apache2.conf.
LogFormat "%a %t \"%r\" %>s %b" access_lite
The %b field records response-body bytes without depending on mod_logio. Use %O only when exact on-wire bytes, including headers, matter. Append %D when request time in microseconds is worth the extra field.
- Define skip rules for low-value requests in the same configuration context as the active CustomLog directive.
SetEnvIfNoCase Request_URI "\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$" dontlog SetEnvIf Request_URI "^/healthz$" dontlog SetEnvIfNoCase User-Agent "^kube-probe/" dontlog
The Request_URI attribute matches the path portion of the request line without the query string. If SetEnvIf or SetEnvIfNoCase is reported as an unknown directive, enable mod_setenvif first. Related: How to enable or disable Apache modules
- Replace the existing CustomLog line with the lighter format and an exclusion condition.
CustomLog ${APACHE_LOG_DIR}/access.log access_lite env=!dontlogKeep the backup files until the new format and skip rules are verified against real requests.
- Test the updated configuration before reloading Apache.
$ sudo apache2ctl configtest AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message Syntax OK
Use sudo apachectl -t or sudo httpd -t on platforms that do not ship apache2ctl. The AH00558 message is a hostname warning, not a syntax failure.
Related: How to test Apache configuration
- Reload Apache so the new log format takes effect without dropping active connections.
$ sudo systemctl reload apache2
Use sudo systemctl reload httpd on most RHEL-family systems.
- Send one request that should still be logged.
$ curl -I -sS http://127.0.0.1/ HTTP/1.1 200 OK Date: Thu, 09 Apr 2026 04:33:07 GMT Server: Apache/2.4.58 (Ubuntu) Last-Modified: Thu, 09 Apr 2026 04:33:04 GMT ETag: "29af-64eff832735bd" Accept-Ranges: bytes Content-Length: 10671 Vary: Accept-Encoding
Use the actual virtual-host hostname instead of 127.0.0.1 when the site is not served by the default host.
- Send requests that should be excluded by the new skip rules.
$ curl -I -sS http://127.0.0.1/favicon.ico HTTP/1.1 404 Not Found Date: Thu, 09 Apr 2026 04:33:07 GMT Server: Apache/2.4.58 (Ubuntu) Content-Type: text/html; charset=iso-8859-1 $ curl -I -sS -A 'kube-probe/1.31' http://127.0.0.1/healthz HTTP/1.1 200 OK Date: Thu, 09 Apr 2026 04:33:07 GMT Server: Apache/2.4.58 (Ubuntu) Last-Modified: Thu, 09 Apr 2026 04:33:07 GMT ETag: W/"3-64eff835f2ddd" Accept-Ranges: bytes
- Confirm that the excluded requests are missing from the access log.
$ sudo grep -Fq 'favicon.ico' /var/log/apache2/access.log || echo 'favicon.ico skipped' favicon.ico skipped $ sudo grep -Fq 'healthz' /var/log/apache2/access.log || echo 'healthz skipped' healthz skipped
- Review the most recent access-log line to confirm that the lighter format is active.
$ sudo tail -n 1 /var/log/apache2/access.log 127.0.0.1 [09/Apr/2026:04:33:07 +0000] "HEAD / HTTP/1.1" 200 -
This shorter line drops logname, authenticated user, referer, and user-agent fields from the default combined format, which reduces both formatting work and log size.
- Optionally enable buffered logging after the new format and skip rules are already proven.
BufferedLogs On
BufferedLogs is a global server setting, not a per-virtual-host setting. Apache 2.4 defaults it to Off. When it is enabled, low-traffic servers can delay writes enough that a new request may not appear immediately in tail -f, and a crash can lose buffered entries.
- Re-test the configuration and reload Apache again if BufferedLogs was enabled.
$ sudo apache2ctl configtest Syntax OK $ sudo systemctl reload apache2
Related: How to test Apache configuration
- Restore the backup files and reload Apache if the lighter format removes fields that are still needed for troubleshooting or audit work.
$ sudo cp -a /etc/apache2/apache2.conf.bak /etc/apache2/apache2.conf $ sudo cp -a /etc/apache2/sites-available/000-default.conf.bak /etc/apache2/sites-available/000-default.conf $ sudo systemctl reload apache2