Documentation forLoggly

Apache Logs

The Apache HTTP server logs it’s access and error logs to files by default. Syslog daemons such as rsyslog can monitor these files and send them to Loggly. This guide assumes you use rsyslog 5.8 or higher, TCP over port 514, the standard Apache logs directory for Ubuntu, and the default Apache logging format. This script has been tested with Apache version 2.4.7. For alternatives, please see the Advanced Options section.

Automatic Apache Script

1. Run The Configure Apache Script

Run our automatic configure-apache script below to setup Apache logging and send the logs to Loggly through your syslog daemon. Alternatively, you can follow our manual configuration instructions below.

curl -O https://www.loggly.com/install/configure-apache.sh
sudo bash configure-apache.sh -a SUBDOMAIN -u USERNAME 

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

You will need to enter your system root password so it can update your rsyslog configuration. It will then prompt for your Loggly password.

2. Verify Events

Search Loggly for events with the apache tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

tag:apache 

Click on one of the logs to show a list of Apache fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.

Apache logs in Loggly

3. Use Your Logs

Get value from your logs by solving problems and proactively preventing them.

Manual Configuration

1. Configure Syslog Daemon

If you haven’t already, run our automatic Configure-Syslog script below to setup rsyslog. Alternatively, you can manually configure Rsyslog or Syslog-ng.

curl -O https://www.loggly.com/install/configure-linux.sh
sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME 

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

2. Setup Apache File Monitoring

Copy this to your terminal window and run it. It will make sure the working directory exists. If it’s an Ubuntu system, it will set the proper permissions. It will then open an Apache configuration file.

sudo mkdir -v /var/spool/rsyslog
if [ "$(lsb_release -ds | grep Ubuntu)" != "" ]; then
  sudo chown -R syslog:adm /var/spool/rsyslog
fi
sudo vim /etc/rsyslog.d/21-apache.conf
 

Copy in the additional configuration below to add file monitoring for Apache access and error logs.

$ModLoad imfile
$InputFilePollInterval 10 
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# Apache access file:
$InputFileName /var/log/apache2/access.log
$InputFileTag apache-access:
$InputFileStateFile stat-apache-access
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
#Apache Error file: 
$InputFileName /var/log/apache2/error.log
$InputFileTag apache-error:
$InputFileStateFile stat-apache-error
$InputFileSeverity error
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
#Add a tag for apache events
$template LogglyFormatApache,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"apache\"] %msg%\n"
if $programname == 'apache-access' then @@logs-01.loggly.com:514;LogglyFormatApache
if $programname == 'apache-access' then ~
if $programname == 'apache-error' then @@logs-01.loggly.com:514;LogglyFormatApache
if $programname == 'apache-error' then ~
 

Replace:

  • TOKEN: your customer token from the source setup page
  • InputFileName: The example is designed for Debian-based systems like Ubuntu. For Redhat and CentOS, change to /var/log/httpd/access_log and /var/log/httpd/error_log. Use your custom log file location if you use a non-standard one.

Restart rsyslogd

$ sudo service rsyslog restart 

3. Verify Events

Search Loggly for events with the Apache tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

tag:apache 

Click on one of the logs to show a list of Apache fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.

Apache logs in Loggly

4. Use Your Logs

Get value from your logs by solving problems and proactively preventing them.

Advanced Apache Logs Options

Apache Logs Troubleshooting

If you don’t see any data show up in the verification step, then check for these common problems.

Check Apache:

  • Wait a few minutes in case indexing needs to catch up
  • Make sure you replaced your customer token in the configuration file
  • Check the apache log files to make sure they exist and you have the right path and permissions
  • Try sending a test log with an apache tag: logger -t apache-access test

Check Your Syslog Daemon:

SELinux Error:

  • Sample Error Messages:
    ERROR: selinux status is 'Enforcing'. Please manually restart the rsyslog daemon or turn off selinux by running 'setenforce 0' and then rerun the script. 

    If you see this error then you will need to disable the SELinux by setting it to permissive mode using the below command:

    sudo setenforce 0 

Still Not Working?

When the APM Integrated Experience is enabled, Loggly shares a common navigation and settings with the other integrated experiences' products. How you navigate Loggly and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.