web.apache
Introduction
The tags beginning with web.apache
identify events generated by the Apache HTTP Server Project belonging to The Apache Software Foundation.
Valid tags and data tables
The full tag must have 6 levels. The first two are fixed as web.apache
. The third level identifies the type of events sent and the rest of them indicate the event subtypes.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product/Service | Tag | Data table |
---|---|---|
Apache HTTP Server Project |
|
|
|
| |
| ||
| ||
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
Devo also supports the events generated by the ModSecurity web application firewall.
For more information, read more about Devo tags.
Table structure
These are the fields displayed in these tables:
How is the data sent to Devo?
Sending to Devo using rsyslog
We recommend using a rsyslog configuration file to monitor and forward the Apache error and access logs. For guidance, see the articles about file monitoring and sending using rsyslog.
To located your Apache log files, look for the ErrorLog and CustomLog directives in your Apache log configuration file.
Sending to Devo using logger
The ErrorLog and CustomLog directives can also write events to an external process like a logger. This is how you would express these directives to write events to the logger
Forwarding to local syslog:
A note about syslog sending
Although Apache is able to send error logs using syslog, we don't recommend using this method. Since syslog sending is not available for the access logs, the installation would require the use of a different sending method thus creating added complexity. Unselect the “sent without syslog tag” when setting up logs to ingest into parsers.
To know more about this topic, visit Sending data to Devo.