Accidentally deleting Apache log files, like access_log
, can be concerning especially when those logs are needed for troubleshooting or auditing. Fortunately, if the Apache service is still running, there’s a good chance you can recover the deleted log file using the process ID and file descriptors from the active Apache process. In this article, we’ll walk you through a example of how to retrieve a deleted Apache log before restarting the service.
We can recover deleted apache logs easily. Let me explain this with an example.
I accidentally removed the file '/usr/local/apache/logs/access_log' in the server.
Access the server as root via SSH - If you don't know how, you can follow this guide.
To recover the file, please check the PID of the Apache process using the command below.
# ps aux | grep httpd
You’ll see multiple Apache processes listed, and you can use any of the process IDs. However, it's best to use the main Apache process, which typically runs under the user 'root'. In this case, the PID is 1742.
Now, let’s list the file descriptors, using below shared command:
ll -a /proc/1742/fd
You’ll see several symbolic links to Apache log files listed, like the one shown below.
l-wx------ 1 root root 64 Sep 29 03:06 11 -> \ (deleted)/usr/local/apache/logs/access_log
l-wx------ 1 root root 64 Sep 29 03:06 2 -> /usr/local/apache/logs/error_log
l-wx------ 1 root root 64 Sep 29 03:06 4 -> /usr/local/apache/logs/modsec_debug_log
l-wx------ 1 root root 64 Sep 29 03:06 3 -> /usr/local/apache/logs/modsec_audit.log
Stop Apache on the server using the command below:
service httpd stop
Now, copy the
access_log
file that is marked as deleted (in this case, it's file descriptor 11).cp /proc/1742/fd/11 /usr/local/apache/logs/access_log
Now, start Apache using the command below:
service httpd start
Access the websites from your server to ensure everything is working properly.
Now, check the removed log file using the command below:
tail -f /usr/local/apache/logs/access_log
Congratulations! You’ve successfully recovered the deleted Apache log file Using File Descriptors.
If you have any questions, please don’t hesitate to contact our team via live chat.
For technical inquiries, please feel free to reach our support team by emailing support@bigscoots.com from your registered email or by submitting a support ticket.