Skip to content

README.md

Latest commit

 

History

History
108 lines (60 loc) · 3.76 KB

README.md

File metadata and controls

108 lines (60 loc) · 3.76 KB

Apache Integration

This integration periodically fetches metrics from Apache servers. It can parse access and error logs created by the Apache server.

Compatibility

The Apache datasets were tested with Apache 2.4.12 and 2.4.46 and are expected to work with all versions >= 2.2.31 and >= 2.4.16 (independent from operating system).

Logs

Access Logs

Access logs collects the Apache access logs.

{{event "access"}}

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

{{fields "access"}}

Supported format for the access logs are:

  • Common Log Format

    • The common LogFormat can be used as follows:

      %h %l %u %t \"%r\" %>s %b

    • Example:

      127.0.0.1 user-identifier frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

  • Combined Log Format

    • The combined LogFormat can be used as follows:

      I. %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"

      II. %A:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"

      III. %h:%p %l %u %t \"%{req}i %U %H\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"

    • Example:

      I. 127.0.0.1 user-identifier frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://datawarehouse.us.oracle.com/datamining/contents.htm" "Mozilla/4.7 [en] (WinNT; I)"

      II. 127.0.0.1:80 127.0.0.1 - - [20/Jun/2024:16:23:43 +0530] "\x16\x03\x01" 400 226 "-" "-"

      III. 127.0.0.1:80 - - [20/Jun/2024:16:31:41 +0530] "<SCRIPT>NXSSTEST</SCRIPT> / HTTP/1.1" 403 4897 "-" "-"

  • Combined Log Format + X-Forwarded-For header

    • The combined LogFormat with x-forwarded-for header can be used as follows:

      %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" X-Forwarded-For=\"%{X-Forwarded-For}i\"

    • Example:

      127.0.0.1 user-identifier frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://datawarehouse.us.oracle.com/datamining/contents.htm" "Mozilla/4.7 [en] (WinNT; I)" X-Forwarded-For="10.225.192.17, 10.2.2.121"

Error Logs

Error logs collects the Apache error logs.

{{event "error"}}

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

{{fields "error"}}

Metrics

Status Metrics

The server status stream collects data from the Apache Status module. It scrapes the status data from the web page generated by the mod_status module.

{{event "status"}}

ECS Field Reference

Please refer to the following document for detailed information on ECS fields.

{{fields "status"}}

Anomaly Detection Configurations

These anomaly detection jobs are available in the Machine Learning app in Kibana when you have data that matches the query specified in the manifest.

Apache Access Logs

Find unusual activity in HTTP access logs.

Job Description
visitor_rate_apache HTTP Access Logs: Detect unusual visitor rates
status_code_rate_apache HTTP Access Logs: Detect unusual status code rates
source_ip_url_count_apache HTTP Access Logs: Detect unusual source IPs - high distinct count of URLs
source_ip_request_rate_apache HTTP Access Logs: Detect unusual source IPs - high request rates
low_request_rate_apache HTTP Access Logs: Detect low request rates