The Apache HTTP Server, colloquially called Apache, is free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.
The following table lists the data sources offered by this integration.
||ModSecurity logs are analyzed and provide information on attacks detected against web applications.|
||Apache logs provide information such as the connected client, the requested resource, the user agent, and the response status.|
As of now, the main solution to collect Apache logs leverages the Rsyslog recipe. Please share your experiences with other recipes by editing this documentation.
This setup guide will show you how to forward both your access and error logs to SEKOIA.IO by means of an rsyslog transport channel. The reader is also invited to consult the Rsyslog Transport documentation to forward these logs to SEKOIA.IO.
At the beginning of your rsyslog configuration file for the Apache logs, paste the following instruction to order the rsyslog server to load the module
Then use the following configuration to have this module monitor the Apache httpd access and error log files (note that the paths to the log files may differ depending on your OS and configuration):
    # error log
    $InputFileName /var/log/apache2/error.log
    $InputFileTag apache:
    $InputFileStateFile stat-apache-error
    $InputFileSeverity error
    $InputFileFacility local5
    $InputFilePollInterval 1
    $InputRunFileMonitor

    # access log
    $InputFileName /var/log/apache2/access.log
    $InputFileTag apache:
    $InputFileStateFile stat-apache-access
    $InputFileSeverity notice
    $InputFileFacility local5
    $InputFilePollInterval 1
    $InputRunFileMonitor
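A pre-deployment check for this kind of file, as an added example that is not part of the original guide or of SEKOIA.IO's tooling: it groups the legacy directives into one monitor per `$InputRunFileMonitor` and reports a missing module load, a missing file name or tag, and state files reused across monitors. It assumes the module is loaded with rsyslog's legacy `$ModLoad imfile` directive; the function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two monitors from this guide, with the state file
# name deliberately duplicated and the "$ModLoad imfile" line left out.
SAMPLE = """\
# error log
$InputFileName /var/log/apache2/error.log
$InputFileTag apache:
$InputFileStateFile stat-apache
$InputFileSeverity error
$InputRunFileMonitor
$InputFileName /var/log/apache2/access.log
$InputFileTag apache:
$InputFileStateFile stat-apache
$InputRunFileMonitor
"""

DIRECTIVE = re.compile(r"^\$(\w+)(?:\s+(.*?))?\s*$")

def parse_monitors(text):
    """Return (imfile_loaded, monitors); one dict per $InputRunFileMonitor."""
    loaded, current, monitors = False, {}, []
    for raw in text.splitlines():
        m = DIRECTIVE.match(raw.strip())  # comments and blank lines do not match
        name, value = (m.group(1), m.group(2) or "") if m else ("", "")
        if name == "ModLoad" and value.split()[:1] == ["imfile"]:
            loaded = True
        elif name == "InputRunFileMonitor":
            monitors.append(current)  # this directive closes the current monitor
            current = {}
        elif name.startswith("InputFile"):
            current[name[len("InputFile"):]] = value
    return loaded, monitors

def lint(text):
    """List configuration problems; an empty list means none were found."""
    loaded, monitors = parse_monitors(text)
    problems = [] if loaded else ["imfile module is never loaded"]
    for i, mon in enumerate(monitors, 1):
        for key in ("Name", "Tag"):
            if not mon.get(key):
                problems.append(f"monitor {i}: missing $InputFile{key}")
    states = Counter(m["StateFile"] for m in monitors if m.get("StateFile"))
    problems += [f"state file '{s}' shared by {n} monitors"
                 for s, n in states.items() if n > 1]
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

A shared state file matters for log integrity: both monitors would record their read position in the same place, so lines can be skipped or re-sent after a restart.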