Apache Web Server

Seer Box side configuration

To set Apache as the source, simply select the Apache Web Server value in the Log type field in step 3 of the traffic source creation.

No additional fields will be required.

Source side configuration

The Apache web server can send its access logs to Seer Box through the logger tool, over either UDP or TCP.

References

https://httpd.apache.org/docs/2.4/logs.html

Configuration directory

Red Hat based systems

/etc/httpd/

Debian based systems

/etc/apache2/

Log format

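To define a new log format compatible with Seer Box, use the LogFormat directive as shown below. The %I and %O fields are provided by mod_logio and the UNIQUE_ID environment variable by mod_unique_id, so both modules need to be loaded for these fields to be populated.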

LogFormat "\"%{msec}t\"|\"%{UNIQUE_ID}e\"|\"%A\"|\"%{local}p\"|\"%a\"|\"%m\"|\"%U\"|\"%q\"|\"%H\"|\"%v\"|\"%{Host}i\"|\"%{User-agent}i\"|\"%{Referer}i\"|\"%{Accept}i\"|\"%{Cookie}i\"|\"%{Content-Type}i\"|\"%I\"|\"%s\"|\"%{X-Forwarded-For}i\"|\"%{Content-Type}o\"|\"%O\"" sb_log
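
To check that a virtual host really emits the sb_log layout before pointing it at Seer Box, a captured line can be parsed as in the following added example (not Seer Box or Apache code). The field labels and the sample line are assumptions constructed here; the parser works on the message as Apache writes it to the pipe, before logger adds its syslog framing, and honours quoting because header values may themselves contain "|" or an escaped quote.

```python
# Labels are chosen for this example; the order follows the sb_log LogFormat.
FIELDS = [
    "msec", "unique_id", "local_ip", "local_port", "client_ip", "method",
    "path", "query", "protocol", "vhost", "host", "user_agent", "referer",
    "accept", "cookie", "req_content_type", "bytes_in", "status",
    "x_forwarded_for", "resp_content_type", "bytes_out",
]

# Constructed sample line (not real traffic). The query string and the
# User-Agent both contain "|", and the User-Agent contains escaped quotes.
SAMPLE = (
    r'"1700000000123"|"ZVx0AAAAAAEAAB"|"192.0.2.10"|"443"|"198.51.100.7"|'
    r'"GET"|"/search"|"?q=a|b"|"HTTP/1.1"|"www.example.test"|'
    r'"www.example.test"|"Agent \"x\" | 1.0"|"-"|"*/*"|"-"|"-"|'
    r'"412"|"200"|"-"|"text/html"|"5120"'
)


def parse_sb_log(line):
    """Parse one sb_log line into a dict; raise ValueError if malformed."""
    values, buf, state = [], [], "open"   # open -> field -> sep -> open ...
    chars = iter(line.rstrip("\r\n"))
    for ch in chars:
        if state == "field":
            if ch == "\\":
                # Apache escapes '"' and '\' with a backslash; other escape
                # sequences (\xhh, \n, \t) are kept verbatim.
                nxt = next(chars, "")
                buf.append(nxt if nxt in ('"', "\\") else "\\" + nxt)
            elif ch == '"':
                values.append("".join(buf))
                buf, state = [], "sep"
            else:
                buf.append(ch)
        elif state == "open" and ch == '"':
            state = "field"
        elif state == "sep" and ch == "|":
            state = "open"
        else:
            raise ValueError(f"unexpected {ch!r} while in state {state!r}")
    if state != "sep":
        raise ValueError("line is empty or truncated")
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    return dict(zip(FIELDS, values))
```

Splitting the same line on every "|" yields 23 pieces instead of 21, which is why the quote-aware pass is needed.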

Sending logs

To send logs, configure the CustomLog directive for each virtual host to be monitored, as shown below:

CustomLog "|/usr/bin/logger --tag apache_sb: --size 10485760 --udp --server IP_HOST_SB --port PORT_SB" sb_log

Variables to be replaced

  • IP_HOST_SB: IP address of the Seer Box instance.
  • PORT_SB: the port of the Seer Box listening interface associated with the configured traffic source. The port number is shown in the source's detailed information in the Seer Box web interface, on the Settings - Traffic Sources page.