Apache Access Logs

The agent collects Apache access logs to provide visibility into web server requests, including performance metrics and error rates.

How it works

The agent uses the apache collector to tail log files matching the pattern /var/log/apache2/*access.log.

It automatically parses the Common Log Format (CLF) and Combined Log Format used by Apache to extract structured metadata. The timestamp is parsed from the [02/Jan/2006:15:04:05 -0700] format, ensuring that log entries are correctly indexed and searchable by time.

Access requirements

By default, the simob-agent system service is granted read access to log files through system-wide capabilities (such as CAP_DAC_READ_SEARCH on Linux).

These capabilities allow the agent to monitor logs without requiring the user to be part of specific groups (like adm or www-data).

If this capability-based access is disabled (for example, when using the --no-system-read installation flag), you must ensure that the simob-agent user has explicit read permissions for the log files.

To verify access manually:

sudo -u simob-agent tail -n 1 /var/log/apache2/access.log