Start your 14-day free trial today & Get 20% Off All Annual Managed ELK Plans
No Credit Card Required
Try Logit.io FreeAlready have an account? Sign In
Apache Logstash Configuration
Ship Apache access and error logs to logstash
Configure Filebeat to ship logs from Apache to Logstash and Elasticsearch.
Step 1 - Install Filebeat
deb (Debian/Ubuntu/Mint)
curl -L -O https://artifacts.elastic.co/downloads/beats//-oss-7.15.1-amd64.deb
sudo dpkg -i -oss-7.15.1-amd64.deb
rpm (CentOS/RHEL/Fedora)
curl -L -O https://artifacts.elastic.co/downloads/beats//-oss-7.15.1-x86_64.rpm
sudo rpm -vi -oss-7.15.1-x86_64.rpm
macOS
curl -L -O https://artifacts.elastic.co/downloads/beats//-oss-7.15.1-darwin-x86_64.tar.gz
tar xzvf -oss-7.15.1-darwin-x86_64.tar.gz
Windows
- Download the Windows zip file from the official downloads page.
- Extract the contents of the zip file into C:\Program Files.
- Rename the
-<version>-windows
directory to ``. - Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
- Run the following commands to install as a Windows service:
cd 'C:\Program Files\'
.\install-service-.ps1
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-.ps1
.
Step 2 - Enable the Apache module
There are several built in filebeat modules you can use. You will need to enable the apache module.
deb/rpm
sudo filebeat modules list
sudo filebeat modules enable apache
macOS
cd <EXTRACTED_ARCHIVE>
./filebeat modules list
./filebeat modules enable apache
Windows
cd <EXTRACTED_ARCHIVE>
.\filebeat.exe modules list
.\filebeat.exe modules enable apache
Additional module configuration can be done using the per module config files located in the modules.d folder, most commonly this would be to read logs from a non-default location
deb/rpm /etc/filebeat/modules.d/apache.yml
mac/win <EXTRACTED_ARCHIVE>/modules.d/apache.yml
- module: apache
# Access logs
access:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/custom/path/to/logs"]
# Error logs
error:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/custom/path/to/logs"]
Step 3 - Locate the configuration file
deb/rpm /etc/filebeat/filebeat.yml
mac/win <EXTRACTED_ARCHIVE>/filebeat.yml
Step 4 - Configure output
We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.
## Comment out elasticsearch output
#output.elasticsearch:
# hosts: ["localhost:9200"]
Step 5 - Validate configuration
Let's check the configuration file is syntactically correct by running directly inside the terminal.
If the file is invalid, will print an error loading config file
error message with details on how to correct the problem.
deb/rpm
sudo -e -c /etc//.yml
macOS
cd <EXTRACTED_ARCHIVE>
./ -e -c .yml
Windows
cd <EXTRACTED_ARCHIVE>
.\.exe -e -c .yml
Step 6 - Start filebeat
Ok, time to start ingesting data!
deb/rpm
sudo systemctl enable filebeat
sudo systemctl start filebeat
mac
./filebeat
Windows
Start-Service filebeat
Step 7 - how to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.
Step 8 - Apache dashboard
The Apache module comes with predefined Kibana dashboards. To view your dashboards for any of your Logit.io stacks, launch Kibana and choose Dashboards.
Step 9 - Apache Logging Overview
Apache (also known as Apache HTTP Server) is a popular open-source web server that manages incoming HTTP requests. The first edition of Apache was launched over twenty years ago in 1995 & has grown to power over 40% of websites globally. Just one of the reasons for its widespread adoption is due to its highly flexible and powerful features.
Apache produces access & error logs and as a server that manages HTTP requests, the tool generates a high amount of log data when used to monitor high traffic websites. This can be difficult to efficiently analyse without an Apache log viewer.
The error log is characterised as the most important log data you’ll want to analyse as part of your audits. It contains a wealth of information beyond just errors & can be used for comprehensive diagnostic reporting. Access logs keep track of all access requests that have been sent to your web server and include data such as IP addresses, URLs & response times.
Logit.io provides a complete solution for fast Apache log viewing & analysis. Our platform’s built-in Apache log analyser saves on the need to configure numerous tools for the ingestion of Apache server logs as our hosted ELK Stack takes care of transforming, parsing, alerting, visualising & reporting in one centralised platform.
Followed our configuration file example for Apache and are still encountering issues? We're here to help. Reach out by contacting our team by visiting our dedicated Help Centre or via live chat & we'll be able to get back to you.