Apache Logs Integration with DNIF on Ubuntu
  • 1 Minute to read
  • Contributors
  • Dark
  • PDF

Apache Logs Integration with DNIF on Ubuntu

  • Dark
  • PDF

The following configurations should be done to forward Apache logs to DNIF.

  • Log in to the server that hosts Apache, as root user and install syslog package.
$ apt-get install rsyslog
  • Edit the Apache configuration file apache2.conf.
$ vim /etc/apache2/apache2.conf
  • Now, check if following lines are available and uncommented for to specify Apache combined format.
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
  • To specify DNIF Apache custom format, replace the existing Log format with below,
LogFormat "t:%t A:%A p:%p h:%h m:%m H:%H f:%f q:%q r:%r s:%s ua:\"%{User-Agent}i\" ref:\"%{Referer}i\" fwd:%{X-Forwarded-For}i host:%{Host}i B:%B D:%D k:%k l:%l u:%u U:%U v:%v V:%V X:%X I:%I O:%O T:%T uid:%{UNIQUE_ID}e" a2dnifcust
  • Now, edit ../sites-enabled/000-default.conf [Or your Site configuration if name is manually assigned] and Add/Edit the following information in your Site configuration file to specify a custom path for the syslog events,

For this example we are choosing local1 and local2 as log facility. You can set your own localX based on availability.

$ vim /etc/apache2/apache2.conf

####For error logs
ErrorLog ${APACHE_LOG_DIR}/error.log
ErrorLog syslog:local1

####For access logs
CustomLog ${APACHE_LOG_DIR}/access.log combined
CustomLog "|/usr/bin/logger -t Apache -i -p local2.info" combined
  • To specify Apache DNIF custom format, replace combined log format with a2dnifcust.

  • Save the Apache configuration file.

  • Edit the syslog configuration file.

$ vim /etc/rsyslog.d/50-default.conf

  • Add the following information to syslog configuration file,
##For System logs
*.*	@DNIF-Adapter-IP:514

##For apache logs
local1.*	@DNIF-Adapter-IP:514
local2.*	@DNIF-Adapter-IP:514
  • Save the syslog configuration file and restart the rsyslog service.
$ etc/init.d/rsyslog restart
  • Restart Apache to complete syslog configuration.
$ /etc/init.d/apache2 restart

Apache logs are now streamed to DNIF.

Was this article helpful?