Apache | Log Files | Converting IP Addresses in Logs to Host Names (logresolve)

Tags:

• Apache
• Web

Access information recorded in the access log is recorded as IP addresses. There is also a setting, HostnameLookups, that converts IP addresses to host names at the time they are recorded, but this causes a DNS lookup on every access and increases load. Therefore, host names are generally converted in batch after being recorded in the log.

Apache provides a utility program that converts IP addresses to host names and saves the result to another file. Use the logresolve program in the {Apache installation directory}/Apache24/bin directory.

Usage is as follows.

logresolve < target-log-file

When the command above is executed, the converted log is displayed on standard output. To save it to another file, run it as follows.

logresolve < target-log-file > converted-log-file

Now try it. In Command Prompt, move to {Apache installation directory}/Apache24/bin and run the following.

logresolve < ..\logs\access.log > ..\logs\resolve.log

C:\apache\Apache24\bin>logresolve < ..\logs\access.log > ..\logs\resolve.log

C:\apache\Apache24\bin>

A new file named resolve.log is created in the directory containing the log files. Open it in a text editor and check the contents.

DESKTOP-XXXXXXX - - [06/Dec/2019:00:48:42 +0900] "GET /admin/admin.html HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
DESKTOP-XXXXXXX - - [06/Dec/2019:00:49:03 +0900] "GET / HTTP/1.1" 200 46 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
DESKTOP-XXXXXXX - - [06/Dec/2019:00:49:03 +0900] "GET /favicon.ico HTTP/1.1" 404 196 "http://127.0.0.1/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
DESKTOP-XXXXXXX - - [06/Dec/2019:00:49:24 +0900] "GET /phpinfo HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
DESKTOP-XXXXXXX - - [06/Dec/2019:00:49:34 +0900] "GET /phpinfo.php HTTP/1.1" 200 72966 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
DESKTOP-XXXXXXX - - [06/Dec/2019:00:50:34 +0900] "-" 408 - "-" "-"

The IP addresses have been converted to host names and saved. In this test environment, 127.0.0.1 is converted to DESKTOP-XXXXXXX.