Apache Logs

The Apache HTTP server logs it’s access and error logs to files by default. Syslog daemons such as rsyslog can monitor these files and send them to Loggly. This guide assumes you use rsyslog 1.19 or higher, TCP over port 514, the standard Apache logs directory for Ubuntu, and the default Apache logging format. For alternatives, please see the Advanced Options section.

Automatic Apache Script

  • Run The Configure Apache Script

Run our automatic configure-apache script below to setup Apache logging and send the logs to Loggly through your syslog daemon. Alternatively, you can follow our manual configuration instructions below.

curl -O https://www.loggly.com/install/configure-apache.sh
sudo bash configure-apache.sh -a SUBDOMAIN -u USERNAME

Replace:

      • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
      • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

You will need to enter your system root password so it can update your rsyslog configuration. It will then prompt for your Loggly password.

  • Verify Events

Search Loggly for events with the apache tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

tag:apache

Click on one of the logs to show a list of Apache fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.
Apache Logs

  • Use Your Logs

Get value from your logs by solving problems and proactively preventing them.

Manual Configuration

  • Configure Syslog Daemon

If you haven’t already, run our automatic Configure-Syslog script below to setup rsyslog. Alternatively, you can manually configure Rsyslog or Syslog-ng.

curl -O https://www.loggly.com/install/configure-linux.sh
sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME

Replace:

      • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
      • USERNAME: your Loggly username, which is visible at the top right of the Loggly console
  • Setup Apache File Monitoring

Copy this to your terminal window and run it. It will make sure the working directory exists. If it’s an Ubuntu system, it will set the proper permissions. It will then open an Apache configuration file.

sudo mkdir -v /var/spool/rsyslog
if [ "$(lsb_release -ds | grep Ubuntu)" != "" ]; then
   sudo chown -R syslog:adm /var/spool/rsyslog
fi
sudo vim /etc/rsyslog.d/21-apache.conf

Copy in the additional configuration below to add file monitoring for Apache access and error logs.

$ModLoad imfile
$InputFilePollInterval 10 
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog

# Apache access file:
$InputFileName /var/log/apache2/access.log
$InputFileTag apache-access:
$InputFileStateFile stat-apache-access
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

#Apache Error file: 
$InputFileName /var/log/apache2/error.log
$InputFileTag apache-error:
$InputFileStateFile stat-apache-error
$InputFileSeverity error
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

#Add a tag for apache events
$template LogglyFormatApache,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"apache\"] %msg%\n"

if $programname == 'apache-access' then @@logs-01.loggly.com:514;LogglyFormatApache
if $programname == 'apache-access' then ~
if $programname == 'apache-error' then @@logs-01.loggly.com:514;LogglyFormatApache
if $programname == 'apache-error' then ~

Replace:

      • TOKEN: your customer token from the source setup page
      • InputFileName: The example is designed for Debian-based systems like Ubuntu. For Redhat and CentOS, change to /var/log/httpd/access_log and /var/log/httpd/error_log. Use your custom log file location if you use a non-standard one.

Restart rsyslogd

$ sudo service rsyslog restart
  • Verify Events

Search Loggly for events with the Apache tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

tag:apache

Click on one of the logs to show a list of Apache fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.
Apache Logging

  • Use Your Logs

Get value from your logs by solving problems and proactively preventing them.

Advanced Apache Logs Options

Apache Logs Troubleshooting

If you don’t see any data show up in the verification step, then check for these common problems.

Check Apache:

    • Wait a few minutes in case indexing needs to catch up
    • Make sure you replaced your customer token in the configuration file
    • Check the apache log files to make sure they exist and you have the right path and permissions
    • Try sending a test log with an apache tag: logger -t apache-access test

Check Your Syslog Daemon:

Still Not Working?

  • Search or post your own questions on log files, error logs, log rotation, log format, and more in the community forum.
Thanks for the feedback! We'll use it to improve our support documentation.


Top