Apache logs
The agent collects Apache access logs to provide visibility into web server requests, including performance metrics and error rates. This enables real-time monitoring of your web traffic and helps identify unauthorized access attempts or server load issues.
Setup
Monitoring Apache logs requires the log files to be in the standard /var/log/apache2/ location. The agent uses a system capability (CAP_DAC_READ_SEARCH) to read records; if it is disabled, you must grant the simob-agent user explicit read access to the log directory.
Expected log format
The agent expects logs in the Common Log Format (CLF) or Combined Log Format. Specifically, it requires the standard timestamp format [day/month/year:hour:minute:second zone] to correctly index events:
[02/Jan/2006:15:04:05 -0700]
If you use a custom LogFormat, ensure this timestamp structure is preserved.
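To check that a custom LogFormat still emits the timestamp layout shown above, you can run a few log lines through a small script. The following is an added example, not the agent's own parser; the function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Layout required by the page: [day/month/year:hour:minute:second zone]
TS_RE = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_timestamp(line):
    """Return an aware datetime for the first CLF timestamp in line, or None."""
    match = TS_RE.search(line)
    if match is None:
        return None
    try:
        return datetime.strptime(match.group(1), TS_FORMAT)
    except ValueError:
        # The shape matched but the value is impossible (e.g. 31/Feb, hour 25).
        return None


def find_unparseable(lines):
    """Return (line_number, line) pairs whose timestamp does not fit the layout."""
    bad = []
    for number, line in enumerate(lines, start=1):
        line = line.rstrip("\n")
        if line and parse_timestamp(line) is None:
            bad.append((number, line))
    return bad


# Constructed sample lines (not real traffic): CLF, Combined, then two
# custom LogFormat outputs that drop the expected timestamp structure.
SAMPLE = [
    '192.0.2.10 - - [02/Jan/2006:15:04:05 -0700] "GET / HTTP/1.1" 200 512',
    '192.0.2.11 - alice [02/Jan/2006:15:04:06 -0700] "GET /a HTTP/1.1" 404 0 "-" "curl/8.0"',
    '192.0.2.12 - - [2006-01-02 15:04:07] "GET /b HTTP/1.1" 200 10',
    '192.0.2.13 - - [02/Jan/2006:15:04:08] "GET /c HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, line in find_unparseable(SAMPLE):
        print(f"line {number}: timestamp not in expected layout: {line}")
```

To test real output, pass the lines of /var/log/apache2/access.log to find_unparseable instead of SAMPLE.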
Configuration
Log collection is enabled by default for Apache. No additional configuration is required.
Logs
The agent automatically parses structured information from Apache access logs to provide searchable metadata:
Labels
| Label | Description | Example / Values |
|---|---|---|
| timestamp | Extracted from the log entry for accurate event ordering. | 02/Jan/2006:15:04:05 -0700 |
| source | Identifies the origin collector. | apache |
Troubleshooting
Verify file access
Manually check if the simob-agent user can read the Apache access log:
sudo -u simob-agent tail -n 1 /var/log/apache2/access.log
Check log persistence
If logs are not appearing in the dashboard, ensure that Apache is actively writing to the expected files in /var/log/apache2/.