Apache HTTP Server
Configure Apache HTTP Log Source with
Supported Versions
Apache HTTP Server versions 2.3 or greater
Configuration
Option | Description |
---|---|
Log Format | When choosing the 'default' option, the agent will expect and parse logs in a format that matches the default logging configuration. When choosing the 'observIQ' option, the agent will expect and parse logs in an optimized JSON format that adheres to the observIQ specification, requiring an update to the apache2.conf file. |
Access Logs | Enable and specify the path to the Apache HTTP Access logs |
Error Logs | Enable and specify the path to the Apache HTTP Error logs |
Start At | Choose whether to start reading from the beginning or end of a file. |
Log Types
Types |
---|
apache_http.access |
apache_http.error |
Log Formats
Default: If you're using the default logging configuration for Apache HTTP, choose the default Log Format option in the Source configuration.
observIQ: For optimal Apache HTTP parsing and enrichment, we recommend choosing the 'observIQ' log format, and updating your apache2.conf file using the below steps:
- Add the access Logformat and error ErrorLogFormat to the main apache configuration. On Debian based systems, this can be found in /etc/apache2/apache2.conf`.
- Modify CustomLog in sites-available configurations to use observiq for the access log format.
CustomLog ${APACHE_LOG_DIR}/access.log observiq
- Restart Apache HTTP Server.
Logformat "{\"timestamp\":\"%{%Y-%m-%dT%T}t.%{usec_frac}t%{%z}t\",\"remote_addr\":\"%a\",\"protocol\":\"%H\",\"method\":\"%m\",\"query\":\"%q\",\"path\":\"%U\",\"status\":\"%>s\",\"http_user_agent\":\"%{User-agent}i\",\"http_referer\":\"%{Referer}i\",\"remote_user\":\"%u\",\"body_bytes_sent\":\"%b\",\"request_time_microseconds\":\"%D\",\"http_x_forwarded_for\":\"%{X-Forwarded-For}i\"}" observiq
ErrorLogFormat "{\"time\":\"%{cu}t\",\"module\":\"%-m\",\"client\":\"%-a\",\"http_x_forwarded_for\":\"%-{X-Forwarded-For}i\",\"log_level\":\"%-l\",\"pid\":\"%-P\",\"tid\":\"%-T\",\"message\":\"%-M\",\"logid\":{\"request\":\"%-L\",\"connection\":\"%-{c}L\"},\"request_note_name\":\"%-{name}n\"}"
Advanced
For more information on the advanced configuration capabilities, see our detailed plugin guide here.
Updated over 3 years ago