
Linux Apache Web Server Logs Configuration

 

Overview

This document describes how to configure a Linux server to work with the CCE. The CCE pulls the logs and redirects them to the APE.

For this configuration we use UDP port 514.

Steps of Configuration:

  • Log in as the root user on the Linux application server

  • Add these lines to the /etc/rsyslog.conf file

  • Run the command: vi /etc/rsyslog.conf

        $ModLoad imfile

        #### GLOBAL DIRECTIVES ####

        # Use only one $InputFileName line, matching the distribution.
        # CentOS:
        $InputFileName /var/log/httpd/access_log
        # OR, on Ubuntu:
        # $InputFileName /var/log/apache2/access.log

        $InputFileTag apache-access:
        $InputFileStateFile state-apache-access
        $InputRunFileMonitor

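  • After adding these lines, configure the CCE IP at the end of the file:

#*.* @@remote-host:514

# ### end of the forwarding rule ###

# Replace CCE_IP with the IP address of the CCE. A single @ forwards over UDP (@@ would be TCP).
*.* @CCE_IP:514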

  • Restart the rsyslog service using the command: service rsyslog restart
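
The edits from the steps above can be checked before the restart with a small script. This is an added example, not part of the original article; the function name check_apache_forwarding and the sample address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code: static check of the imfile and forwarding
# lines from the steps above. Prints one line per problem; returns 1 if any.
check_apache_forwarding() {
    conf=$1; rc=0
    # Active lines only: trim leading blanks, drop comments and empty lines.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$conf")
    has()   { printf '%s\n' "$active" | grep -Eq "$1"; }
    count() { printf '%s\n' "$active" | grep -Ec "$1" || true; }
    bad()   { echo "PROBLEM: $1"; rc=1; }

    has '^\$ModLoad[[:space:]]+imfile' || bad 'imfile module not loaded'
    has '^\$InputFileTag[[:space:]]+apache-access:' || bad 'InputFileTag missing'
    has '^\$InputFileStateFile[[:space:]]+[^[:space:]]' || bad 'InputFileStateFile missing'

    # Each monitored file needs its own $InputRunFileMonitor; pasting both the
    # CentOS and Ubuntu paths before one monitor line leaves a file unmonitored.
    files=$(count '^\$InputFileName[[:space:]]')
    monitors=$(count '^\$InputRunFileMonitor')
    [ "$files" -ge 1 ] && [ "$files" -eq "$monitors" ] ||
        bad "need one InputRunFileMonitor per InputFileName (files=$files, monitors=$monitors)"

    # A label such as "(Centos)" copied onto the path line is not part of it.
    has '^\$InputFileName[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]' &&
        bad 'extra text after the InputFileName path'

    # Single @ is UDP, @@ is TCP; the page forwards over UDP port 514.
    if has '^\*\.\*[[:space:]]+@[^@[:space:]]+:514[[:space:]]*$'; then
        has '^\*\.\*[[:space:]]+@CCE_IP:' && bad 'CCE_IP placeholder not replaced'
    else
        bad 'no active "*.* @<CCE address>:514" UDP forwarding rule'
    fi
    return $rc
}

# Constructed sample: CentOS variant, documentation-range address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$ModLoad imfile
$InputFileName /var/log/httpd/access_log
$InputFileTag apache-access:
$InputFileStateFile state-apache-access
$InputRunFileMonitor
#*.* @@remote-host:514
*.* @192.0.2.10:514
EOF
check_apache_forwarding "$sample" && echo "OK: forwarding config looks complete"
rm -f "$sample"
```

To check the real file, call check_apache_forwarding /etc/rsyslog.conf; rsyslogd -N1 additionally runs rsyslog's own configuration syntax check.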

Verification:

  • Verification can be done in two ways:

                 1. By checking on the UI

                 2. By checking logs through the CCE server

Verification through UI 

  • Open UI >> System tab >> Logs and flows collection status.

Verification Through CCE server

  • Run this command on the CCE server: sudo tcpdump -i any port 514 and host <IP address>

Seceon Inc. All rights reserved. https://www.seceon.com