Apache Logs
Overview
Evidence: Apache Logs
Description: Collect Apache Logs
Category: Applications
Platform: linux
Short Name: apcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Apache HTTP Server logs on Linux record web server access, errors, and activities. Logs are located in /var/log/apache2 on Debian-based systems and /var/log/httpd on Red Hat-based systems, with custom installations potentially in /usr/local.
Data Collected
This collector gathers structured data about Apache logs.
Collection Method
This collector gathers Apache logs from standard system locations including Debian-style (/var/log/apache2) and custom installations (/usr/local/var/log/httpd).
Forensic Value
Apache logs are critical for investigating web application attacks, SQL injection, XSS attacks, web shell uploads, data exfiltration, and unauthorized access. Access logs reveal attacker IPs, request patterns, and attack vectors.
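A minimal triage pass over collected access logs, added here as an example (it is not part of the collector or the product): it parses the Apache combined log format and groups heuristic hits by client IP. The regex rules, the `large_bytes` threshold, the function names, and the sample lines are illustrative assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Heuristics are illustrative assumptions, not a complete rule set.
RULES = {
    "sqli": re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+\d+=\d+", re.I),
    "xss": re.compile(r"<script\b|onerror\s*=", re.I),
    "script_in_upload_dir": re.compile(r"/uploads?/[^?]*\.(?:php|phtml|jsp|aspx)\b", re.I),
}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2024:13:55:36 +0000] "GET /item.php?id=1%27%20OR%201=1 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Mar/2024:13:56:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Mar/2024:14:01:11 +0000] "POST /uploads/img.php HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:14:09:40 +0000] "GET /backup.tar.gz HTTP/1.1" 200 73400320 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["uri"] = unquote_plus(rec["uri"])  # decode %27, %3C, '+' before matching
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def triage(lines, large_bytes=50_000_000):
    """Map client IP -> sorted list of heuristic tags seen in its requests."""
    findings = defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        for tag, rx in RULES.items():
            if rx.search(rec["uri"]):
                findings[rec["ip"]].add(tag)
        if rec["size"] >= large_bytes:  # unusually large response body
            findings[rec["ip"]].add("large_response")
    return {ip: sorted(tags) for ip, tags in findings.items()}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The URI is URL-decoded once before matching, so double-encoded payloads will not be flagged by this pass; hits are leads for review, not confirmed findings.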

