More detailed Apache logging turns intermittent 5xx responses, TLS handshake failures, reverse-proxy timeouts, and rewrite loops into actionable evidence. Raising verbosity makes module decisions and connection state visible in the error log, and richer access logs help correlate slow requests with specific clients, headers, and URLs.
Apache writes two primary log streams: the error log and one or more access logs. Error logging is controlled by the LogLevel directive, which supports global settings plus module-specific overrides (for example ssl:info). Access logging is controlled by mod_log_config using LogFormat strings (field selection) paired with CustomLog directives (file destination and format nickname).
High verbosity increases disk writes and can grow log files quickly on busy servers, and verbose formats can capture sensitive data embedded in query strings or headers. Keep debug or trace levels temporary on production systems, prefer module-scoped verbosity, and confirm log rotation covers any new log files. Commands and paths below assume a Ubuntu or Debian layout using /etc/apache2/ and the apache2 systemd unit.
Steps to configure verbose Apache logging:
- Open a terminal with sudo privileges.
$ whoami user
- List configuration files loaded by Apache.
$ sudo apache2ctl -t -D DUMP_INCLUDES Included configuration files: (*) /etc/apache2/apache2.conf (*) /etc/apache2/ports.conf (*) /etc/apache2/conf-enabled/security.conf (*) /etc/apache2/sites-enabled/000-default.conf ##### snipped #####
Related: Location for Apache configuration
RHEL-style systems commonly use /etc/httpd/ and the httpd service name.
- Find the active LogLevel directive.
$ sudo grep --recursive --line-number --extended-regexp '^[[:space:]]*LogLevel' /etc/apache2/ ##### snipped ##### /etc/apache2/apache2.conf:143:LogLevel warn
- Edit the file that sets LogLevel.
$ sudoedit /etc/apache2/apache2.conf
- Increase error-log verbosity by updating LogLevel.
LogLevel info
Common levels: emerg, alert, crit, error, warn, notice, info, debug. Module scoping uses module:level syntax, such as ssl:info or rewrite:trace3.
debug and trace levels can flood logs and increase disk I/O on busy servers.
- Add module-specific log levels for targeted troubleshooting.
LogLevel warn ssl:info rewrite:trace3
Use module tokens that match loaded modules. List loaded modules with
apache2ctl -M
.
- Check the Apache configuration for syntax errors.
$ sudo apache2ctl configtest Syntax OK
- Reload Apache to apply the new logging settings.
$ sudo systemctl reload apache2
- Check the apache2 service state.
$ sudo systemctl status apache2 ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2025-12-13 12:34:58 UTC; 6s ago ##### snipped ##### - Follow the error log for higher-detail messages.
$ sudo tail --follow=name --lines=50 /var/log/apache2/error.log [Sat Dec 13 12:34:56.123456 2025] [ssl:info] [pid 1234] [client 203.0.113.10:51234] AH01964: Connection to child 0 established (server example.com:443) ##### snipped #####
- Find existing LogFormat definitions.
$ sudo grep --line-number --extended-regexp '^[[:space:]]*LogFormat[[:space:]]' /etc/apache2/apache2.conf 212:LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined 213:LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined 214:LogFormat "%h %l %u %t \"%r\" %>s %O" common ##### snipped ##### - Find active CustomLog directives.
$ sudo grep --recursive --line-number --extended-regexp '^[[:space:]]*CustomLog[[:space:]]' /etc/apache2/ ##### snipped ##### /etc/apache2/sites-available/000-default.conf:14:CustomLog ${APACHE_LOG_DIR}/access.log combined /etc/apache2/conf-enabled/other-vhosts-access-log.conf:9:CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined - Define a verbose LogFormat nickname in /etc/apache2/apache2.conf.
LogFormat "%v:%p %a %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\" \"%{Host}i\"" verbose_timingNickname is the trailing token (for example combined, vhost_combined, verbose_timing).
Related: LogFormat string referenceStandard combined format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedMinimalist format:
LogFormat "%h %l %u %t \"%r\" %>s %b" minimal
Verbose format with extra headers and timing:
LogFormat "%v:%p %a %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\" \"%{Host}i\" \"%{Accept}i\" \"%{Accept-Language}i\"" verbose_headersQuery string included explicitly:
LogFormat "%h %l %u %t \"%m %U%q %H\" %>s %b" query_included
Verbose formats can capture sensitive header values or tokens embedded in URLs. Avoid logging secrets (authentication headers, session identifiers, signed URLs).
- Add a dedicated CustomLog line that uses the new nickname.
CustomLog ${APACHE_LOG_DIR}/access_verbose.log verbose_timingKeep the existing CustomLog line for standard logging. Add the verbose line temporarily for troubleshooting.
Debian-family log rotation often matches /var/log/apache2/*.log, which covers access_verbose.log.
- Check the configuration for syntax errors after the log format change.
$ sudo apache2ctl configtest Syntax OK
- Reload Apache to apply the access log changes.
$ sudo systemctl reload apache2
- Generate a request that produces a fresh access-log entry.
$ curl --head http://localhost/ HTTP/1.1 200 OK Date: Sat, 13 Dec 2025 12:35:10 GMT Server: Apache/2.4.52 (Ubuntu) ##### snipped #####
- Confirm the verbose access log contains the expected fields.
$ sudo tail --lines=1 /var/log/apache2/access_verbose.log localhost:80 127.0.0.1 - - [13/Dec/2025:12:35:10 +0000] "HEAD / HTTP/1.1" 200 0 245 "-" "curl/8.5.0" "localhost"
Reduce verbosity after troubleshooting by restoring the site default LogLevel and removing temporary verbose CustomLog lines.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
Comment anonymously. Login not required.