APACHE2 FOR LINUX
Instructions for forwarding Apache2 for Linux logs to your Log Management device
PREREQUISITES
Apache2 on Linux OS
- Access to the apache2 log file
- Access and permission to modify the rsyslog config file
Clone Systems Log Management Device
- The IP Address for the Clone Systems Log Management device
INSTRUCTIONS
1. Open a command prompt and SSH into the Linux Server using a tool like PuTTY.
2. Locate the necessary files.
By default, rsyslog.conf is located in /etc/.
By default, the apache2 logs (possibly named access.log or error.log) are located in /var/log/apache2/.
3. Open the rsyslog configuration file.
4. Go to the end of the file and add the following lines to configure log messages to be sent to the Clone Systems Log Management device.
Note: It may be necessary to change the location/name of the log file.
Note: Two values in the configuration, target and protocol, must be set for your environment.
    #### Modules ####
    module(load="imfile") # file
    #### Inputs ####
    ## Apache2 Error File
    input(type="imfile" File="/var/log/apache2/error.log"
          Tag="Apache2-Error"
          PersistStateInterval="10000"
          Severity="info"
          MaxSubmitAtOnce="20000"
          Facility="local5"
    )
    ## Apache2 Access log
    input(type="imfile" File="/var/log/apache2/access.log"
          Tag="Apache2-access"
          PersistStateInterval="10000"
          Severity="info"
          MaxSubmitAtOnce="20000"
          Facility="local5"
    )
    #### Action Forward to syslog server with a disk queue
    action(type="omfwd"
           name="syslogfwd"
           action.resumeinterval="2"
           action.resumeretrycount="-1"
           queue.type="disk"
           queue.filename="actionRqyslog"
           queue.maxdiskspace="500m"
           queue.size="500000"
           queue.timeoutenqueue="0"
           queue.discardmark="499990"
           target="{ IP Address of Clone Systems Log collector }"
           port="514"
           protocol="{ tcp or udp }" # change to support tcp or udp
    )
5. Save the rsyslog configuration file.
6. Restart the rsyslog service.
    # service rsyslog restart
7. Restart the Linux server.
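A pre-flight check for the lines added in step 4, as an added example that is not part of the original instructions: it flags typographic quotes picked up when copying from a web page and target/protocol values still left as placeholders. The helper names check_fwd_conf and param_value and the sample address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint the forwarding lines before they are loaded by rsyslog.
# check_fwd_conf and param_value are hypothetical helper names, not rsyslog tools.

# Print the first value assigned to parameter $1 (e.g. target) in file $2.
param_value() {
    sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Return 0 when the fragment looks ready to load, 1 otherwise.
check_fwd_conf() {
    conf=$1
    problems=0
    # Typographic quotes copied from a web page are not string delimiters.
    if LC_ALL=C grep -qF -e '“' -e '”' -e '″' "$conf"; then
        echo "typographic quotes found; replace them with plain \"" >&2
        problems=1
    fi
    # The { ... } placeholders for target and protocol must be filled in.
    if grep -Eq '(target|protocol)="?\{' "$conf"; then
        echo "unfilled { ... } placeholder in target or protocol" >&2
        problems=1
    fi
    target=$(param_value target "$conf")
    proto=$(param_value protocol "$conf")
    if ! printf '%s' "$target" | grep -Eq '^[A-Za-z0-9.:-]+$'; then
        echo "target is missing or is not a host name / IP address" >&2
        problems=1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp, got '$proto'" >&2; problems=1 ;;
    esac
    return "$problems"
}

# Constructed sample: 192.0.2.10 is a documentation address, not a real collector.
sample=$(mktemp)
cat > "$sample" <<'EOF'
action(type="omfwd"
       target="192.0.2.10"
       port="514"
       protocol="tcp"
)
EOF
if check_fwd_conf "$sample"; then echo "fragment OK"; else echo "fix the fragment"; fi
rm -f "$sample"
```

Once the check passes, `rsyslogd -N1` runs rsyslog's own configuration check before the service restart in step 6.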