APACHE2 FOR LINUX

Instructions for forwarding Apache2 for Linux logs to your Log Management device

PREREQUISITES

Apache2 on Linux OS
  • Access to the apache2 log file
  • Access and permission to modify the rsyslog config file
Clone Systems Log Management Device
  • The IP Address for the Clone Systems Log Management device
INSTRUCTIONS

1. Open a command prompt and SSH into the Linux Server using a tool like PuTTY.

2. Locate the necessary files.

By default, rsyslog.conf is located in /etc/.

By default, the apache2 logs (possibly named access.log or error.log) are located in /var/log/apache2/.

3. Open the rsyslog configuration file.

  • # vi /etc/rsyslog.conf

4. Go to the end of the file and add the following lines to configure log messages to be sent to the Clone Systems Log Management device.

Note: It may be necessary to change the location/name of the log file.

Note: There are 2 variables in the configuration below, target and protocol, that must be set to real values.

  • #### Modules ####
  • module(load="imfile") # file
  • #### Inputs ####
  • ## Apache2 Error File
  • input(type="imfile" File="/var/log/apache2/error.log"
  • Tag="Apache2-Error"
  • PersistStateInterval="10000"
  • Severity="info"
  • MaxSubmitAtOnce="20000"
  • Facility="local5"
  • )
  • ## Apache2 Access log
  • input(type="imfile" File="/var/log/apache2/access.log"
  • Tag="Apache2-access"
  • PersistStateInterval="10000"
  • Severity="info"
  • MaxSubmitAtOnce="20000"
  • Facility="local5"
  • )
  • #### Action: forward to syslog server with a disk queue ####
  • action(type="omfwd"
  • name="syslogfwd"
  • action.resumeinterval="2"
  • action.resumeretrycount="-1"
  • queue.type="disk"
  • queue.filename="actionRqyslog"
  • queue.maxdiskspace="500m"
  • queue.size="500000"
  • queue.timeoutenqueue="0"
  • queue.discardmark="499990"
  • target="{ IP Address of Clone Systems Log collector }"
  • port="514"
  • protocol="{ tcp or udp }" # change to support tcp or udp
  • )

5. Save the rsyslog configuration file.

6. Restart the rsyslog service.

  • # service rsyslog restart

7. Restart the Linux server.

  • # reboot -f
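
The edited file can be checked between steps 5 and 6 for the mistakes this procedure invites: typographic quotes carried over from a copied page, the target and protocol placeholders left unfilled, and imfile paths that do not exist. The script below is an added example, not part of the original instructions; the function name lint_rsyslog_fwd is hypothetical, and it assumes lowercase target=/protocol= and File= written as in step 4.

```shell
#!/bin/sh
# Added example (not from the original instructions).
# lint_rsyslog_fwd is a hypothetical helper: it returns 0 if the file is
# clean, 1 if it has findings, 2 if the file cannot be read.
lint_rsyslog_fwd() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read: $conf" >&2; return 2; }

    # Typographic quotes copied from a web page are not valid rsyslog syntax.
    if grep -n -F -e '“' -e '”' -e '″' "$conf" >&2; then
        echo "FAIL: typographic quotes found; retype them as ASCII \"" >&2
        rc=1
    fi

    # target= and protocol= must no longer hold the { ... } placeholders.
    if grep -n -E '^[^#]*(target|protocol)=[^#]*[{}]' "$conf" >&2; then
        echo "FAIL: placeholder not replaced with a real value" >&2
        rc=1
    fi

    # protocol must be exactly tcp or udp (first uncommented occurrence).
    proto=$(sed -n 's/^[^#]*protocol="\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    case $proto in
        tcp|udp) ;;
        *) echo "FAIL: protocol is '$proto', expected tcp or udp" >&2; rc=1 ;;
    esac

    # Each imfile File= path must exist and be readable by the current user
    # (unquoted expansion, so paths containing spaces are not handled).
    for f in $(sed -n 's/^[^#]*File="\([^"]*\)".*/\1/p' "$conf"); do
        [ -r "$f" ] || { echo "FAIL: log file not readable: $f" >&2; rc=1; }
    done
    return $rc
}
```

Source the script and run lint_rsyslog_fwd /etc/rsyslog.conf after saving the file; rsyslogd -N1 then performs rsyslog's own configuration check without starting the daemon.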