APACHE2 FOR LINUX

Instructions for forwarding Apache2 for Linux logs to your Log Management device

PREREQUISITES

Apache2 on Linux OS

  • Access to the apache2 log file
  • Access and permission to modify the rsyslog config file

Clone Systems Log Management Device

  • The IP Address for the Clone Systems Log Management device

INSTRUCTIONS

1

Open a command prompt and SSH into the Linux Server using a tool like PuTTY.

2

Locate the necessary files.

By default, rsyslog.conf is located in /etc/.

By default, the apache2 logs (possibly named access.log or error.log) are located in /var/log/apache2/.

3

Open the rsyslog configuration file.

vi /etc/rsyslog.conf

4

Go to the end of the file and add the following lines to configure log messages to be sent to the Clone Systems Log Management device.

Note: It may be necessary to change the location/name of the log file.

Note: Two values in the configuration below, target and protocol, must be set for your environment.

#### Modules ####

module(load="imfile") # file input module

#### Inputs ####

## Apache2 error log
input(type="imfile" File="/var/log/apache2/error.log"
      Tag="Apache2-Error"
      PersistStateInterval="10000"
      Severity="info"
      MaxSubmitAtOnce="20000"
      Facility="local5"
)

## Apache2 access log
input(type="imfile" File="/var/log/apache2/access.log"
      Tag="Apache2-access"
      PersistStateInterval="10000"
      Severity="info"
      MaxSubmitAtOnce="20000"
      Facility="local5"
)

#### Action: forward to syslog server with a disk queue ####

action(type="omfwd"
       name="syslogfwd"
       action.resumeinterval="2"
       action.resumeretrycount="-1"
       queue.type="disk"
       queue.filename="actionRqyslog"
       queue.maxdiskspace="500m"
       queue.size="500000"
       queue.timeoutenqueue="0"
       queue.discardmark="499990"
       target="{ IP Address of Clone Systems Log collector }"
       port="514"
       protocol="{ tcp or udp }" # change to support tcp or udp
)

5

Save the rsyslog configuration file.

6

Restart the rsyslog service.

service rsyslog restart

7

Restart the Linux server.

reboot -f
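
A pre-restart check for the block added in step 4, as an added example that is not part of the original instructions: it catches typographic quotes picked up when copying from a rendered page, unreplaced placeholders, an invalid protocol value and unreadable log files. The function names check_fwd_conf and syntax_check are hypothetical; rsyslogd -N1 is rsyslog's own configuration check.

```shell
#!/bin/sh
# Added example. check_fwd_conf and syntax_check are hypothetical helper names.
# Usage: check_fwd_conf /etc/rsyslog.conf && syntax_check /etc/rsyslog.conf

check_fwd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "error: cannot read $conf" >&2; return 2; }

    # Typographic quotes copied from a web page are not valid string delimiters.
    if grep -nF -e '“' -e '”' -e '″' "$conf" >&2; then
        echo "error: typographic quotes found, retype them as \"" >&2; rc=1
    fi

    # The two template placeholders from step 4 must be replaced.
    if grep -nF -e '{ IP Address' -e '{ tcp or udp }' "$conf" >&2; then
        echo "error: template placeholder still present" >&2; rc=1
    fi

    # First target= and protocol= values (assumes one parameter per line).
    target=$(sed -n 's/^[[:space:]]*target="\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    proto=$(sed -n 's/^[[:space:]]*protocol="\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$target" ] || { echo "error: no target set" >&2; rc=1; }
    case $proto in
        tcp|udp) ;;
        *) echo "error: protocol must be tcp or udp, got '$proto'" >&2; rc=1 ;;
    esac

    # Every imfile File= path must be readable by the user running this check
    # (assumes paths without spaces).
    for f in $(sed -n 's/.*File="\([^"]*\)".*/\1/p' "$conf"); do
        [ -r "$f" ] || { echo "error: cannot read log file $f" >&2; rc=1; }
    done
    return $rc
}

# rsyslog's own parser: -N1 validates the config without starting the daemon.
syntax_check() {
    rsyslogd -N1 -f "$1"
}
```

Run it after saving the file in step 5 and before restarting the service in step 6.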