Collect Logs and Metrics for Apache
Collect Logs for Apache
This page provides instructions for configuring log and metric collection for the Sumo Logic App for Apache.
Collection Process Overview
Configuring log and metric collection for the Apache App includes the following tasks:
- Step 1: Configure Fields in Sumo Logic
- Step 2: Configure Collection for Apache
Step 1: Configure Fields in Sumo Logic
Create the following Fields in Sumo Logic prior to configuring collection. This ensures that your logs and metrics are tagged with relevant metadata, which is required by the app dashboards. For information on setting up fields, see the Fields help page.
If you are using Apache in a non-Kubernetes environment, create the fields:
- component
- environment
- webserver_system
- webserver_farm
If you are using Apache in a Kubernetes environment, create the fields:
- pod_labels_component
- pod_labels_environment
- pod_labels_webserver_system
- pod_labels_webserver_farm
Step 2: Configure Collection for Apache
Sumo Logic supports collection of logs and metrics data from Apache in both Kubernetes and non-Kubernetes environments.
Please click on the appropriate links below based on the environment where your Apache farms are hosted.
Sample Log Messages
For Kubernetes:
Access Logs:
{ "timestamp":1620630466883, "log":"192.168.29.177 - - [10/May/2021:07:07:44 +0000] \"GET / HTTP/1.1\" 200 45", "stream":"stdout", "time":"2021-05-10T07:07:44.649858568Z" }
Error Logs:
{ "timestamp":1620125665927, "log":"[Tue May 04 10:54:25.460469 2021] [ssl:error] [pid 53] [client 192.168.85.135:52327] AH02042: rejecting client initiated renegotiation", "stream":"stderr", "time":"2021-05-04T10:54:25.460664201Z" }
For Non-Kubernetes:
Access Logs:
192.168.29.177 - - [26/Apr/2021:12:18:32 +0530] "GET /server-status HTTP/1.1" 404 196
Error Logs:
[Mon Apr 26 09:52:58.188858 2021] [core:notice] [pid 530] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Query Sample
This sample query is from the Top 5 Clients Causing 4xx Errors panel of the Apache - Webserver Operations dashboard.
Query String:
webserver_system=apache webserver_farm=* HTTP (40* OR 41* OR 42* OR 43* OR 44* or 45* or 49*)
| json "log" nodrop
| if (_raw matches "{*", log, _raw) as mesg
| parse regex field=mesg "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop
| parse regex field=mesg "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP\/[\d\.]+[\\n]*\"\s(?<status_code>\d+)\s(?<size>[\d-]+)" nodrop
| parse regex field=mesg "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP\/[\d\.]+[\\n]*\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\".*" nodrop
| where status_code matches "4*"
| count as count by src_ip
| sort count, src_ip asc
| limit 5
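The parsing steps of the query above, reproduced as an added Python example (not Sumo Logic's code) so the regexes can be checked offline against both the Kubernetes JSON-wrapped format and the plain format. The sample lines are constructed from this page's sample messages plus made-up 4xx entries, and the function names are assumptions of this example.

```python
import json
import re
from collections import Counter

# The query's two core patterns, rewritten in Python named-group syntax.
SRC_IP = re.compile(r"^(?P<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
REQUEST = re.compile(
    r"(?P<method>[A-Z]+)\s(?P<url>\S+)\sHTTP/[\d.]+[\\n]*\"\s"
    r"(?P<status_code>\d+)\s(?P<size>[\d-]+)"
)

# Constructed sample input: the page's sample messages plus made-up 4xx lines.
SAMPLE_LINES = [
    '192.168.29.177 - - [26/Apr/2021:12:18:32 +0530] "GET /server-status HTTP/1.1" 404 196',
    r'{ "timestamp":1620630466883, "log":"192.168.29.177 - - [10/May/2021:07:07:44 +0000] \"GET / HTTP/1.1\" 200 45", "stream":"stdout" }',
    r'{ "log":"192.168.29.180 - - [10/May/2021:07:08:01 +0000] \"GET /admin HTTP/1.1\" 403 199", "stream":"stdout" }',
    '192.168.29.180 - - [26/Apr/2021:12:19:02 +0530] "POST /login HTTP/1.1" 400 226 "-" "curl/7.68.0"',
    '192.168.29.180 - - [26/Apr/2021:12:19:05 +0530] "GET /missing HTTP/1.1" 404 196',
    "[Mon Apr 26 09:52:58.188858 2021] [core:notice] [pid 530] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'",
]


def extract_message(raw):
    """Mirror `json "log" nodrop | if (_raw matches "{*", log, _raw) as mesg`."""
    if not raw.startswith("{"):
        return raw  # non-Kubernetes: the raw line is the Apache message
    try:
        log = json.loads(raw).get("log")
    except json.JSONDecodeError:
        return ""
    return log if isinstance(log, str) else ""


def top_4xx_clients(lines, limit=5):
    """Count 4xx responses per client IP and return the top `limit` clients."""
    counts = Counter()
    for raw in lines:
        mesg = extract_message(raw)
        ip, req = SRC_IP.search(mesg), REQUEST.search(mesg)
        # Equivalent of `where status_code matches "4*"`. Simplification:
        # lines without a leading IPv4 address are skipped, not counted as null.
        if ip and req and req["status_code"].startswith("4"):
            counts[ip["src_ip"]] += 1
    # Highest count first; ties broken by src_ip ascending.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


if __name__ == "__main__":
    for src_ip, count in top_4xx_clients(SAMPLE_LINES):
        print(f"{src_ip}\t{count}")
```

The keyword pre-filter on the query's first line (`HTTP (40* OR ...)`) is not reproduced here; it only narrows the search scope before parsing, and the status-code check does the final filtering.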