The Apache log format and directory are generally in the configuration file /etc/apache2/httpd.conf.
Apache log format
Log format
The Apache log configuration file defines two print formats: combined format and common format.
- Combined format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
Common format:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
The declaration uses the combined log format and the written file name.
CustomLog "/var/log/apache2/access_log" combined
Field description
| Field format | Description |
|---|---|
| %a | remote_ip |
| %A | local_ip |
| %B | size |
| %b | size |
| %D | time_taken_ms |
| %h | remote_host |
| %H | protocol |
| %l | ident |
| %m | method |
| %p | port |
| %P | pid |
| “%q” | url_query |
| “%r” | request |
| %s | status |
| %>s | status |
| %t | time |
| %T | time_taken |
| %u | remote_user |
| %U | url_stem |
| %v | server_name |
| %V | canonical_name |
| %I | bytes_received |
| %O | bytes_sent |
| “%{User-Agent}i” | user_agent |
| “%{Referer}i” | referer |
Log sample
192.168.1.2 - - [02/Feb/2016:17:44:13 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://localhost/x1.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"
Configure Logtail to collect Apache logs
For the complete process of collecting Apache logs by using Logtail, see Quick start. Select the corresponding configuration based on your network deployment and actual situation. This document only shows how to configure data source in Step 3 Configure data import wizard in details.
Enter the Configuration Name and Log Path. Then, select Full Mode as the log collection mode.
Enter the log sample and turn on the Extract Field switch.
Click Manually Input Regular Expression to adjust the automatically generated regular expression.
Log Service supports automatically parsing the log sample with mouse-selection, that is, automatically generating the regular expression for the field selected with the mouse. However, considering the format of the actual log data might have minor changes, you must adjust the automatically generated regular expression according to the actual situations to conform to all the log formats that might occur in the collection process.
Note: The
lengthfield here is numeric, but can be a hyphen (-) in some situations. Therefore, replace the matched result(\d+)with(\S+). If other fields are in the same situation, replace the matched result with the same rule.Click Validate after modifying the regular expression. If the regular expression is correct, extracted results are displayed. Adjust the regular expression if any errors exist.
Enter the corresponding key for the log content extraction result.
Assign a meaningful field name for each extraction result, for example, name a time field as time.
Turn on the Use System Time switch and then click Next.
After configuring Logtail, apply the configuration to the machine group to start collecting Apache logs standardly.