Log Types: ApacheLog (WebLog)
Overview
The Apache HTTP Server is free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is capable of generating a range of access and error logs.
Apache logs can be collected by the Snare Epilog agent, and forwarded to Snare Central on port 6161 TCP or UDP, or the TLS receiver on port 6163. Access logs will be injected into the WebLog table.
Apache web server logs (in the default Apache 'combined' format) can be transferred to the Snare Central server directory /data/SnareCollect/ApacheLog via FTP using the user 'snarexfer'. Logs will be processed daily, at around midnight.
Sample Events
10.3.2.1 - - [17/Mar/2003:18:03:08 +1100] "GET /images/org_background.gif HTTP/1.0" 200 2321 "http://10.3.2.1/login.php" "Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20021203"
Fields
| Field | Description |
|---|---|
| DATE | Event date, in the format YYYY-MM-DD |
| TIME | Event time, in the format HH:MM:SS |
| SYSTEM | The source system |
| TABLE | WebLog |
| HOSTNAME | |
| USERNAME | If available, the authenticated username requesting access to the data. |
| URL | Uniform Resource Locator: the web address of the resource being accessed. |
| RETURNCODE | Return code of the access request |
| BYTES | The number of bytes transferred |
| REFERRER | The referrer page |
| AGENT | The browser information provided by the client |
| PROTOCOL | HTTP, HTTPS, FTP, GOPHER, and so on |
| LOGTYPE | Apache, IIS, Squid, ISA, and other logs are currently all pushed to a consolidated 'WebLog' table. This field allows us to separate web server logs from proxy logs. |
| CATEGORY | For Apache, this will be set to the virtual host that is providing the resource |
| STRINGS | All other data in the event will be pushed to this field. |
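
The field mapping above, sketched as an added example that is not Snare's own parser: it parses a combined-format line into the WebLog field names and rejects lines that do not fully match. The HOSTNAME, PROTOCOL, LOGTYPE and STRINGS mappings are assumptions, since the page does not spell them out; `parse_combined` and `dash` are hypothetical names.

```python
import re
from datetime import datetime

# Apache 'combined': %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields are client-controlled. Apache writes an embedded quote as \",
# so the pattern accepts backslash escapes instead of stopping at the first ".
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + ' ' + QUOTED)

# The sample event from this page, with its closing quote restored.
SAMPLE = ('10.3.2.1 - - [17/Mar/2003:18:03:08 +1100] '
          '"GET /images/org_background.gif HTTP/1.0" 200 2321 '
          '"http://10.3.2.1/login.php" '
          '"Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20021203"')

def dash(value):
    """Apache logs '-' for an absent value; store it as an empty string."""
    return '' if value == '-' else value

def parse_combined(line):
    """Map one combined-format line to WebLog-style fields; None if malformed."""
    m = COMBINED.fullmatch(line.strip())
    if m is None:
        return None
    host, ident, user, ts, request, status, size, referrer, agent = m.groups()
    try:
        when = datetime.strptime(ts, '%d/%b/%Y:%H:%M:%S %z')
    except ValueError:
        return None
    # Scanners send junk request lines, so split only on exactly three parts.
    parts = request.split(' ')
    method, url, proto = parts if len(parts) == 3 else ('', request, '')
    return {
        'DATE': when.strftime('%Y-%m-%d'),
        'TIME': when.strftime('%H:%M:%S'),
        'TABLE': 'WebLog',
        'HOSTNAME': host,                 # assumption: the %h client address
        'USERNAME': dash(user),
        'URL': url,
        'RETURNCODE': int(status),
        'BYTES': int(dash(size) or 0),
        'REFERRER': dash(referrer),
        'AGENT': dash(agent),
        'PROTOCOL': proto.split('/')[0],  # assumption: 'HTTP' from 'HTTP/1.0'
        'LOGTYPE': 'Apache',              # assumption: constructed label value
        'STRINGS': ' '.join(x for x in (method, dash(ident)) if x),  # assumption
    }
```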