Apache HTTP Server

Configure Apache HTTP Log Source with

Supported Versions

Apache HTTP Server versions 2.3 or greater

Configuration

Option

Description

Log Format

When choosing the 'default' option, the agent will expect and parse logs in a format that matches the default logging configuration. When choosing the 'observIQ' option, the agent will expect and parse logs in an optimized JSON format that adheres to the observIQ specification, requiring an update to the apache2.conf file.

Access Logs

Enable and specify the path to the Apache HTTP Access logs

Error Logs

Enable and specify the path to the Apache HTTP Error logs

Start At

Choose whether to start reading from the beginning or end of a file.

Log Types

Types

apache_http.access

apache_http.error

Log Formats

Default: If you're using the default logging configuration for Apache HTTP, choose the default Log Format option in the Source configuration.

observIQ: For optimal Apache HTTP parsing and enrichment, we recommend choosing the 'observIQ' log format, and updating your apache2.conf file using the below steps:

  1. Add the access Logformat and error ErrorLogFormat to the main apache configuration. On Debian based systems, this can be found in /etc/apache2/apache2.conf`.
  2. Modify CustomLog in sites-available configurations to use observiq for the access log format.

CustomLog ${APACHE_LOG_DIR}/access.log observiq

  1. Restart Apache HTTP Server.
Logformat "{\"timestamp\":\"%{%Y-%m-%dT%T}t.%{usec_frac}t%{%z}t\",\"remote_addr\":\"%a\",\"protocol\":\"%H\",\"method\":\"%m\",\"query\":\"%q\",\"path\":\"%U\",\"status\":\"%>s\",\"http_user_agent\":\"%{User-agent}i\",\"http_referer\":\"%{Referer}i\",\"remote_user\":\"%u\",\"body_bytes_sent\":\"%b\",\"request_time_microseconds\":\"%D\",\"http_x_forwarded_for\":\"%{X-Forwarded-For}i\"}" observiq
ErrorLogFormat "{\"time\":\"%{cu}t\",\"module\":\"%-m\",\"client\":\"%-a\",\"http_x_forwarded_for\":\"%-{X-Forwarded-For}i\",\"log_level\":\"%-l\",\"pid\":\"%-P\",\"tid\":\"%-T\",\"message\":\"%-M\",\"logid\":{\"request\":\"%-L\",\"connection\":\"%-{c}L\"},\"request_note_name\":\"%-{name}n\"}"

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide here.