Skip to content

How to configure Apache to send logs to Cyberquest server

To integrate Apache logs into Cyberquest, follow these steps:

  1. Log in to the server that hosts Apache, as the root user;
  2. Edit the Apache configuration file httpd.conf;
  3. Add the following information in the Apache configuration file to specify the custom log format: LogFormat \"%h %A %l %u %t \\"%r\\" %>s %p %b\" \<log format name> (where \<log format name> is a variable name you provide to define the log format);
  4. Add the following information in the Apache configuration file to specify a custom path for the syslog events: CustomLog \"|/usr/bin/logger -t httpd -p \<facility>.\<priority>\" \<log format name>, where:
    • \<facility> is a syslog facility (for example, local0)
    • \<priority> is a syslog priority (for example, info or notice)
    • \<log format name> is a variable name that you provide to define the custom log format and must match the log format name that is defined at Step 3 (for example: CustomLog \"|/usr/bin/logger -t httpd -p local1.info\" MyApacheLogs)
  5. Type the following command to disable hostname lookup: HostnameLookups off
  6. Save the Apache configuration file
  7. Edit the syslog configuration file /etc/syslog.conf
  8. Add the following information to your syslog configuration file:\<facility>.\<priority> \<TAB>\<TAB>@\<host>:5140, where:
    • <facility> is the syslog facility (for example, local0) and must match the value that you typed in Step 4
    • <priority> is the syslog priority (for example, info or notice) and must match the value that you typed in Step 4
    • <TAB> indicates you must press the Tab key
    • <host> is the IP address of the CyberQuest
  9. Save the syslog configuration file
  10. Type the following command to restart the syslog service: /etc/init.d/syslog restart
  11. Restart Apache to complete the syslog configuration.