How to Colorize Apache Logs for Better Monitoring with tail -f


3 views

Any sysadmin or developer who's spent hours staring at tail -f /var/log/apache2/access.log knows how visually exhausting it can be. Important events like 500 errors or suspicious requests blend into a sea of monotonous text, making critical issues easy to miss.

The multitail tool is perfect for this job. Here's a basic installation and configuration:

# Install on Debian/Ubuntu
sudo apt install multitail

# Sample configuration for Apache logs
multitail -cS apache /var/log/apache2/access.log

For more control, create a config file at ~/.multitailrc:

# Apache log color scheme
colorscheme:apache
cs_re:green:^.*" 200 
cs_re:yellow:^.*" 30[0-9] 
cs_re:red:^.*" (40[0-9]|50[0-9])
cs_re:magenta:POST
cs_re:cyan:GET

For simpler use cases, ccze works well:

# Install
sudo apt install ccze

# Usage
tail -f /var/log/apache2/access.log | ccze -A

Combine with grep for targeted highlighting:

tail -f /var/log/apache2/access.log | \
grep --color=always -E "500|404|POST /admin" | \
ccze -A

Add this to your ~/.bashrc for permanent convenience:

alias apachelog='multitail -cS apache /var/log/apache2/access.log'
alias errorlog='tail -f /var/log/apache2/error.log | ccze -A'

When running tail -f /var/log/apache2/access.log for real-time monitoring, the monochromatic output quickly becomes eye-straining. Critical events like 500 errors or FATAL warnings get lost in the sea of text, making log analysis inefficient.

The simplest solution is ccze, a robust log colorizer that works with Apache logs out of the box:

sudo apt install ccze   # Debian/Ubuntu
tail -f /var/log/apache2/access.log | ccze -A

Key features:

  • HTTP methods in different colors (GET=blue, POST=green)
  • Status codes colored by severity (2xx=green, 3xx=blue, 4xx=yellow, 5xx=red)
  • IP addresses highlighted

For more control, use multitail with custom schemes:

sudo apt install multitail
multitail -cS apache /var/log/apache2/access.log

Create a custom scheme file ~/.multitail/apache.conf:

colorscheme:apache
cs_re:green:GET 
cs_re:blue:POST
cs_re:red: 50[0-9] 
cs_re:yellow: 40[0-9]

For a full dashboard experience:

goaccess /var/log/apache2/access.log --log-format=COMBINED --real-time-html --output=report.html

Then open report.html in your browser for an interactive colored visualization of your logs.

Add this to your Apache config (httpd.conf or virtual host):

ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P] %F: %E: [client %a] %M"

Then use this custom parsing rule with lnav:

{ "apache_custom" : {
  "title" : "Custom Apache",
  "regex" : { ... }
}}