Apache HTTP Server

Configure Apache HTTP Log Source with

356

Supported Versions

Apache HTTP Server versions 2.3 or greater

Configuration

OptionDescription
Log FormatWhen choosing the 'default' option, the agent will expect and parse logs in a format that matches the default logging configuration. When choosing the 'observIQ' option, the agent will expect and parse logs in an optimized JSON format that adheres to the observIQ specification, requiring an update to the apache2.conf file.
Access LogsEnable and specify the path to the Apache HTTP Access logs
Error LogsEnable and specify the path to the Apache HTTP Error logs
Start AtChoose whether to start reading from the beginning or end of a file.

Log Types

Types
apache_http.access
apache_http.error

Log Formats

Default: If you're using the default logging configuration for Apache HTTP, choose the default Log Format option in the Source configuration.

observIQ: For optimal Apache HTTP parsing and enrichment, we recommend choosing the 'observIQ' log format, and updating your apache2.conf file using the below steps:

  1. Add the access Logformat and error ErrorLogFormat to the main apache configuration. On Debian based systems, this can be found in /etc/apache2/apache2.conf`.
  2. Modify CustomLog in sites-available configurations to use observiq for the access log format.

CustomLog ${APACHE_LOG_DIR}/access.log observiq

  1. Restart Apache HTTP Server.
Logformat "{\"timestamp\":\"%{%Y-%m-%dT%T}t.%{usec_frac}t%{%z}t\",\"remote_addr\":\"%a\",\"protocol\":\"%H\",\"method\":\"%m\",\"query\":\"%q\",\"path\":\"%U\",\"status\":\"%>s\",\"http_user_agent\":\"%{User-agent}i\",\"http_referer\":\"%{Referer}i\",\"remote_user\":\"%u\",\"body_bytes_sent\":\"%b\",\"request_time_microseconds\":\"%D\",\"http_x_forwarded_for\":\"%{X-Forwarded-For}i\"}" observiq
ErrorLogFormat "{\"time\":\"%{cu}t\",\"module\":\"%-m\",\"client\":\"%-a\",\"http_x_forwarded_for\":\"%-{X-Forwarded-For}i\",\"log_level\":\"%-l\",\"pid\":\"%-P\",\"tid\":\"%-T\",\"message\":\"%-M\",\"logid\":{\"request\":\"%-L\",\"connection\":\"%-{c}L\"},\"request_note_name\":\"%-{name}n\"}"

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide here.