                      Apache Logs

                      By default, the Apache HTTP server writes its access and error logs to files. Syslog daemons such as rsyslog can monitor these files and send them to Loggly. This guide assumes you use rsyslog 5.8 or higher, plain (unencrypted) TCP over port 514, the standard Apache logs directory for Ubuntu, and the default Apache logging format. This script has been tested with Apache version 2.4.7. For alternatives, please see the Advanced Options section.

                      Automatic Apache Script

                      1. Run The Configure Apache Script

                      Run our automatic configure-apache script below to set up Apache logging and send the logs to Loggly through your syslog daemon. Alternatively, you can follow our manual configuration instructions below.

                      curl -O http://www.kaihua.site/install/configure-apache.sh
                      sudo bash configure-apache.sh -a SUBDOMAIN -u USERNAME
                      

                      Replace:

                      • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
                      • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

                      You will need to enter your system root password so that the script can update your rsyslog configuration. The script will then prompt for your Loggly password.

                      2. Verify Events

                      Search Loggly for events with the apache tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

                      tag:apache

                      Click on one of the logs to show a list of Apache fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.

                      Apache logs in Loggly

                      3. Use Your Logs

                      Get value from your logs by solving problems and proactively preventing them.

                      Manual Configuration

                      1. Configure Syslog Daemon

                      If you haven’t already, run our automatic Configure-Syslog script below to set up rsyslog. Alternatively, you can manually configure rsyslog or syslog-ng.

                      curl -O http://www.kaihua.site/install/configure-linux.sh
                      sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME
                      

                      Replace:

                      • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
                      • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

                      2. Set Up Apache File Monitoring

                      Copy this to your terminal window and run it. It will make sure the working directory exists. If it’s an Ubuntu system, it will set the proper permissions. It will then open an Apache configuration file.

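                      # Create the rsyslog working directory if it does not already exist
                      sudo mkdir -pv /var/spool/rsyslog
                      # On Ubuntu, rsyslog runs as the syslog user, so give it ownership
                      if [ "$(lsb_release -ds | grep Ubuntu)" != "" ]; then
                         sudo chown -R syslog:adm /var/spool/rsyslog
                      fi
                      # Open the Apache file-monitoring configuration for editing
                      sudo vim /etc/rsyslog.d/21-apache.conf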
                      

                      Copy in the additional configuration below to add file monitoring for Apache access and error logs.

                      $ModLoad imfile
                      $InputFilePollInterval 10 
                      $PrivDropToGroup adm
                      $WorkDirectory /var/spool/rsyslog
                      
                      # Apache access file:
                      $InputFileName /var/log/apache2/access.log
                      $InputFileTag apache-access:
                      $InputFileStateFile stat-apache-access
                      $InputFileSeverity info
                      $InputFilePersistStateInterval 20000
                      $InputRunFileMonitor
                      
                      # Apache error file:
                      $InputFileName /var/log/apache2/error.log
                      $InputFileTag apache-error:
                      $InputFileStateFile stat-apache-error
                      $InputFileSeverity error
                      $InputFilePersistStateInterval 20000
                      $InputRunFileMonitor
                      
                      # Add a tag for Apache events
                      $template LogglyFormatApache,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"apache\"] %msg%\n"
                      
                      if $programname == 'apache-access' then @@logs-01.loggly.com:514;LogglyFormatApache
                      if $programname == 'apache-access' then ~
                      if $programname == 'apache-error' then @@logs-01.loggly.com:514;LogglyFormatApache
                      if $programname == 'apache-error' then ~
                      

                      Replace:

                      • TOKEN: your customer token from the source setup page
                      • InputFileName: The example is designed for Debian-based systems like Ubuntu. For Redhat and CentOS, change to /var/log/httpd/access_log and /var/log/httpd/error_log. Use your custom log file location if you use a non-standard one.

                      Restart rsyslogd

                      $ sudo service rsyslog restart

                      3. Verify Events

                      Search Loggly for events with the apache tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

                      tag:apache

                      Click on one of the logs to show a list of Apache fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.

                      Apache logs in Loggly

                      4. Use Your Logs

                      Get value from your logs by solving problems and proactively preventing them.

                      Advanced Apache Logs Options

                      Apache Logs Troubleshooting

                      If you don’t see any data show up in the verification step, then check for these common problems.

                      Check Apache:

                      • Wait a few minutes in case indexing needs to catch up
                      • Make sure you replaced your customer token in the configuration file
                      • Check the Apache log files to make sure they exist and that you have the right path and permissions
                      • Try sending a test log with an apache tag: logger -t apache-access test
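
                      The token, path and tag checks from the list above can be scripted and run against the configuration file before rsyslog is restarted. The following is an added example, not part of Loggly's scripts; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Loggly's script: lint 21-apache.conf before restarting rsyslog.
# check_apache_conf FILE prints one finding per line, nothing when all checks pass.
check_apache_conf() {
    conf="$1"
    # 1. The template must carry the real customer token, not the literal TOKEN.
    if grep -q '\[TOKEN@41058' "$conf"; then
        echo "TOKEN placeholder not replaced"
    fi
    # 2. Every monitored file must exist and be readable. Run this as the account
    #    rsyslog runs under, since root can read files that account cannot.
    awk '$1 == "$InputFileName" { print $2 }' "$conf" | while read -r f; do
        [ -r "$f" ] || echo "unreadable log file: $f"
    done
    # 3. Every $InputFileTag (minus its trailing colon) needs a forwarding rule
    #    on the same $programname, otherwise those events never leave the host.
    awk '$1 == "$InputFileTag" { print $2 }' "$conf" | while read -r tag; do
        tag="${tag%:}"
        grep -qF "if \$programname == '$tag' then @@" "$conf" ||
            echo "no forwarding rule for tag: $tag"
    done
    # 4. Each $InputFileName block must be closed by its own $InputRunFileMonitor.
    names=$(grep -c '^[[:space:]]*\$InputFileName' "$conf" || true)
    runs=$(grep -c '^[[:space:]]*\$InputRunFileMonitor' "$conf" || true)
    [ "$names" -eq "$runs" ] || echo "InputFileName/InputRunFileMonitor count mismatch"
}

# Constructed sample: TOKEN left in, missing log paths, and the apache-error
# block lacking both its $InputRunFileMonitor and its forwarding rule.
make_sample() {
    cat > "$1" <<'EOF'
$InputFileName /nonexistent/apache2/access.log
$InputFileTag apache-access:
$InputRunFileMonitor
$InputFileName /nonexistent/apache2/error.log
$InputFileTag apache-error:
$template LogglyFormatApache,"<%pri%> [TOKEN@41058 tag=\"apache\"] %msg%\n"
if $programname == 'apache-access' then @@logs-01.loggly.com:514;LogglyFormatApache
EOF
}

sample=$(mktemp)
make_sample "$sample"
check_apache_conf "$sample"
rm -f "$sample"
```

                      To lint the real file, call check_apache_conf /etc/rsyslog.d/21-apache.conf; empty output means all four checks passed.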

                      Check Your Syslog Daemon:

                      SELinux Error:

                      • Sample Error Messages:
                        ERROR: selinux status is 'Enforcing'. Please manually restart the rsyslog daemon or turn off selinux by running 'setenforce 0' and then rerun the script.

                        If you see this error, you will need to set SELinux to permissive mode using the command below. The change applies system-wide and lasts until the next reboot or until enforcing mode is turned back on.

                        sudo setenforce 0

                      Still Not Working?
