Collect Logs and Metrics for Apache

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Collect Logs for Apache

This page provides instructions for configuring log and metric collection for the Sumo Logic App for Apache.

Collection Process Overview

Configuring log and metric collection for the Apache App includes the following tasks:

Step 1: Configure Fields in Sumo Logic.
Step 2: Configure Collection for Apache
- Collect Apache Logs and Metrics for Non-Kubernetes environments.
- Collect Apache Logs and Metrics for Kubernetes environments.

Step 1: Configure Fields in Sumo Logic

Create the following Fields in Sumo Logic prior to configuring collection. This ensures that your logs and metrics are tagged with relevant metadata, which is required by the app dashboards. For information on setting up fields, see the Fields help page.

If you are using Apache in a non-Kubernetes environment create the fields:

component
environment
webserver_system
webserver_farm

If you are using Apache in a Kubernetes environment create the fields:

pod_labels_component
pod_labels_environment
pod_labels_webserver_system
pod_labels_webserver_farm

Step 2: Configure Collection for Apache

Sumo Logic supports collection of logs and metrics data from Apache in both Kubernetes and non-Kubernetes environments.

Please click on the appropriate links below based on the environment where your Apache farms are hosted.

Sample Log Messages

For Kubernetes:

Access Logs:

{
"timestamp":1620630466883,
"log":"192.168.29.177 - - [10/May/2021:07:07:44 +0000] \"GET / HTTP/1.1\" 200 45",
"stream":"stdout",
"time":"2021-05-10T07:07:44.649858568Z"
}

Error Logs:

{
"timestamp":1620125665927,
"log":"[Tue May 04 10:54:25.460469 2021] [ssl:error] [pid 53] [client 192.168.85.135:52327] AH02042: rejecting client initiated renegotiation",
"stream":"stderr",
"time":"2021-05-04T10:54:25.460664201Z"
}

For Non-Kubernetes

Access Logs:

192.168.29.177 - - [26/Apr/2021:12:18:32 +0530] "GET /server-status HTTP/1.1" 404 196

Error Logs:

[Mon Apr 26 09:52:58.188858 2021] [core:notice] [pid 530] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Query Sample

This sample Query is from the Top 5 Clients Causing 4xx Errors panel of the Apache - Webserver Operations dashboard.

Query String:

webserver_system=apache webserver_farm=* HTTP (40* OR 41* OR 42* OR 43* OR 44* or 45* or 49*)
| json "log" nodrop | if (_raw matches "{*", log, _raw) as mesg
| parse regex field=mesg "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop
| parse regex field=mesg "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP\/[\d\.]+[\\n]*\"\s(?<status_code>\d+)\s(?<size>[\d-]+)" nodrop
| parse regex field=mesg "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP\/[\d\.]+[\\n]*\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\".*" nodrop
| where status_code matches "4*"
| count as count by src_ip
| sort count, src_ip asc
| limit 5