How to forward Apache web server logs to SGBox

This article explains how to forward logs from Apache web server installed in Linux & Windows systems to SGBox and all the related information.

Linux systems

In the Linux, go In syslog path /etc/ryslog.d/ and Add a file with name like 60-ApacheLogs.conf

In this example, to read the Apache access.log file, insert the following script into the file 60-ApacheLogs.conf.

$ModLoad imfile #Load the imfile input module
$InputFilePollInterval 2
$InputFileName /var/log/apache2/access.log
$InputFileTag file-access:
$InputFileStateFile stat-file-access
$InputFileSeverity Info
$InputRunFileMonitor
$template file_log, " %msg% "

if $programname == 'file-access' then @SGBox-IP:514;file_log
if $programname == 'file-access' then stop

Restart rsyslog daemon to load the new configuration and start to send logs.

service rsyslog restart

This configuration will read the file of Apache access.log and send it via syslog protocol on port 514 UDP to the SGBox-IP .

Windows systems

You can follow the link of article reported below in order to setup your SGAgent installed on apache server too retrieve all the related information, check Capture Logs from File/Folders (TailFolder method) section.

Check the Apache logs in SGBox

To verify that SGBox is correctly handling the raw logs sent by the Apache server, use Historical Search. Once you have verified the raw logs in SGBox, we recommend installing the Apache2 HTTP Server package to allow SGBox to analyze the raw logs received and show you events on the analysis pages.