Loggly, Inc.

Welcome, Guest Login

Support Center

Logging from Apache

Last Updated: Nov 18, 2013 05:17PM PST

Forwarding Access Logs (using rsyslog)

The easiest/best way of forwarding apache access logs is to use rsyslog's file monitor module. Add the following to your rsyslog config (/etc/rsyslog.conf):

#Only needs to be loaded once, like most rsyslog modules
$ModLoad imfile

#path to the file which you want to monitor
$InputFileName /var/log/apache2/access.log

#The tag apache can be changed to whatever you'd like
$InputFileTag apache:

#the name of file within rsyslogs working directory
$InputFileStateFile stat-apache-access

#By default this is set to 'notice'
$InputFileSeverity info

#This is necessary for file monitoring (no parameters)

#Set to how often the file should be polled. (default = 10s)
$InputFilePollInterval 10 

# This is a template for Loggly. Substitute your Customer Token for TOKEN
$template LogglyFormatApache,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"apache\"] %msg%\n"
# Make sure the template above is on one line.

if $programname == 'apache' then @@logs-01.loggly.com:514;LogglyFormatApache

More details on rsyslog & file monitoring are available.

Forwarding Error Logs

Apache has a directive to send error messages directly to syslog. To use the ErrorLog directive just add the following snippet to your apache config file (/etc/apache2/httpd.conf)

ErrorLog syslog:user
Once you've done that, you'll be able to forward logs through syslog. Use our Configure Syslog script to get set up.

Logging in JSON

You can also configure apache to log in JSON format, which allows us to automatically parse the data even if it's not in one of our standard accepted apache formats.
# JSON extended log format including: User-Agent, Referer, and X-Forwarded-For
LogFormat "{ \"time\":\"%t\", \"remoteIP\":\"%a\", \"host\":\"%V\", \"request\":\"%U\", \"query\":\"%q\", \"method\":\"%m\", \"status\":\"%>s\", \"userAgent\":\"%{User-agent}i\", \"referer\":\"%{Referer}i\", \"X-Forwarded-For\":\"%{X-Forwarded-For}i\" }" jsonlog
CustomLog /var/log/apache_access.json jsonlog

Scrubbing or Filtering Apache Logs

If you want to scrub data before sending it to Loggly from things like personal identifiers or you'd like to just send specific messages like errors, you can use Apache Piped Logging.  In short, this feature allows you to pipe Apache log messages through an external process. This is extremely powerful and will allow us to use a program like grep to pattern match for only errors and warnings. 

In the below example, we use grep's extended version and inverse the match to capture everything that is NOT a 2xx (success) or 3xx (redirect).
# Pipe only warnings/errors to json log file
CustomLog "|/bin/grep -E --invert-match --line-buffered 'status.?[[:punct:]].?[23]' |cat >> /var/log/httpd/errors.json" jsonlog  

Contact Us

seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found