Apache web server
Apache HTTP Server can be configured to send logs into the Logmanager.
Log forwarding assumes you can change configuration of your apache server to log already in json format and also change of your local syslog daemon. In this example we assume usage of syslog-ng.
Add the following log format definition into the included config to your configuration e.g. into /etc/apache2/conf.d/lm_logformat:
LogFormat "{ \
\"user_agent\": \"%{User-agent}i\", \
\"systemtime\": \"%{%Y-%m-%dT%H:%M:%S%z}t\", \
\"server_name\":\"%v\", \
\"server_port\":\"%p\", \
\"remote_host\":\"%h\", \
\"logon_name\":\"%l\", \
\"remote_user\":\"%u\", \
\"client_ip\": \"%a\", \
\"duration\": %D, \
\"status\": \"%>s\", \
\"url_path\": \"%U\", \
\"url_query\": \"%q\", \
\"bytes\": %B, \
\"method\": \"%m\", \
\"referer\": \"%{Referer}i\" \
}" lm_logformat
Modify your configuration file for your virtual host and add the line with the CustomLog setting:
CustomLog "|logger -t apache" lm_logformat
Example of simple virtual host configuration:
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html
ServerName example.com
CustomLog "|logger -t apache" lm_logformat
</VirtualHost>
In the next step is important set the forwarding to Logmanager:
-
In case you have Syslog-NG server installed on your server, follow the steps in chapter Linux Syslog-NG.
Check the source and @include parameters settings and perform the setting in accordance with chapter Forwarding logs of specific program.
-
If you have Rsyslog server installed on your server, follow the steps in chapter One service monitoring.
In both cases is true, that term program_name has to be replaced by word apache.
On Windows, Windows Event Sender must be running and be customized for sending logs into the Logmanager, and Apache log format must be changed.
Add the following log format definition into your Apache configuration (httpd.conf):
LogFormat "{ \
\"user_agent\": \"%{User-agent}i\", \
\"systemtime\": \"%{%Y-%m-%dT%H:%M:%S}t\", \
\"server_name\":\"%v\", \
\"server_port\":\"%p\", \
\"remote_host\":\"%h\", \
\"logon_name\":\"%l\", \
\"remote_user\":\"%u\", \
\"client_ip\": \"%a\", \
\"duration\": %D, \
\"status\": \"%>s\", \
\"url_path\": \"%U\", \
\"url_query\": \"%q\", \
\"bytes\": %B, \
\"method\": \"%m\", \
\"referer\": \"%{Referer}i\" \
}" lm_logformat
Modify your configuration file for your virtual host (httpd-ssl.conf) and add the line with the CustomLog setting:
CustomLog "logs/accesslog.log" lm_logformat
Example of simple virtual host configuration:
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot "c:/apache/htdocs/"
ServerName example.com
CustomLog "logs/accesslog.log" lm_logformat
ErrorLog "logs/error.log"
</VirtualHost>
Configure the Logmanager to watch the log files on Windows station. Follow the Chapter Windows.
We find computer with Apache server and we need to set following properties on Editing client station page:
- Log Type select apache
- Log Source enter the path to the Apache log file.
- Click on Add button, then check the path
- Click on Save button
Log type customization
WES agent starts sending Apache web server messages to the Logmanager.