39. Apache HTTP Server
The Apache HTTP Server provides very comprehensive and flexible logging capabilities. A brief overview is provided in the following sections; see the Log Files section of the Apache HTTP Server Documentation for more detailed information about configuring logging.
39.1. Error Log
Apache error logging is controlled by the ErrorLog, ErrorLogFormat, and
LogLevel directives. The error log can be parsed by NXLog with a regular
expression.
The following directives enable error logging of all messages at or above the
"informational" severity level, in the specified format, to the specified
file. The ErrorLogFormat defined below is equivalent to the default (which
includes the timestamp, the module producing the message, the event severity,
the process ID, the thread ID, the client address, and the detailed error
message).
LogLevel info
ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] [client %a] %M"
ErrorLog /var/log/apache2/error.log
Following is a typical log message generated by the Apache HTTP Server, an NXLog configuration for parsing it, and the resulting JSON.
[Tue Aug 01 07:17:44.496832 2017] [core:info] [pid 15019:tid 140080326108928] [client 192.168.56.1:60154] AH00128: File does not exist: /var/www/html/notafile.html![[Download file]](images/icons/download_icon.png "Download file"){kind=icon}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<Input apache_error>
Module im_file
File '/var/log/apache2/error.log'
<Exec>
if $raw_event =~ /(?x)^\[\S+\ ([^\]]+)\]\ \[(\S+):(\S+)\]\ \[pid\ (\d+):
tid\ (\d+)\]\ (\[client\ (\S+)\]\ )?(.+)$/
{
$EventTime = parsedate($1);
$ApacheModule = $2;
$ApacheLogLevel = $3;
$ApachePID = $4;
$ApacheTID = $5;
if $7 != '' $ClientAddress = $7;
$Message = $8;
}
</Exec>
</Input>
{
"EventReceivedTime": "2017-08-01T07:17:45.641190+02:00",
"SourceModuleName": "apache_error",
"SourceModuleType": "im_file",
"EventTime": "2017-08-01T07:17:44.496832+02:00",
"ApacheModule": "core",
"ApacheLogLevel": "info",
"ApachePID": "15019",
"ApacheTID": "140080317716224",
"ClientAddress": "192.168.56.1:60026",
"Message": "AH00128: File does not exist: /var/www/html/notafile.html"
}39.2. Access Log
The access log file and format are configured with the LogFormat and
CustomLog directives. The LogFormat directive is used to define a format,
while the CustomLog directive configures logging to a specified file in one of
the defined formats. Multiple CustomLog directives can be used to enable
logging to multiple files.
There are several options for handling logging when using virtual hosts. The
examples below, when specified in the main server context (not in a
<VirtualHost> section), will log all requests exactly as with a single-host
server. The %v format string can be added, if desired, to log the name of the
virtual server responding to the request. Alternatively, the CustomLog
directive can be specified inside a <VirtualHost> section, and in this case
only the requests served by that virtual server will be logged to the file.
|
Note
|
Pre-defined format strings for the Common Log and Combined Log Formats may
be included by default. These pre-defined formats may use %O (the total
sent including headers) instead of the standard %b (the size of the
requested file) in order to allow detection of partial requests.
|
The LogFormat directive below creates a format named common that corresponds
to the Common Log Format. The second directive configures the Apache HTTP Server
to write entries to the access_log file in the common format.
LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog /var/log/apache2/access_log common
The following directives will configure the Apache HTTP Server to write entries
to the access_log file in the Combined Log Format.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog /var/log/apache2/access_log combined
NXLog configuration examples for parsing these access log formats can be found in the Common & Combined Log Formats section.