Evidence: Apache Logs
Description: Collect Apache Logs
Category: Applications
Platform: linux
Short Name: apcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Apache HTTP Server logs on Linux record web server access, errors, and activities. Logs are located in /var/log/apache2 on Debian-based systems and /var/log/httpd on Red Hat-based systems, with custom installations potentially in /usr/local.
Data Collected
This collector gathers structured data about Apache logs.
Collection Method
This collector gathers Apache logs from standard system locations including Debian-style (/var/log/apache2) and custom installations (/usr/local/var/log/httpd).
Forensic Value
Apache logs are critical for investigating web application attacks, SQL injection, XSS attacks, web shell uploads, data exfiltration, and unauthorized access. Access logs reveal attacker IPs, request patterns, and attack vectors.
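A first-pass triage over collected access logs, as an added example that is not part of the collector or the original page. It assumes Combined Log Format; the function name, indicator patterns, and sample lines are constructed for illustration and are not a complete rule set.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined Log Format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Illustrative indicator patterns (assumptions); a hit is a lead, not a verdict.
INDICATORS = {
    "sqli": re.compile(r"union\s+select|\bor\s+1\s*=\s*1|sleep\(\d+\)", re.I),
    "xss": re.compile(r"<script|onerror\s*=|javascript:", re.I),
    # Script files requested from an upload directory hint at a web shell.
    "upload_script": re.compile(r"/uploads?/[^?]*\.(php|phtml|jsp)\b", re.I),
}

def triage(lines):
    """Summarise access-log lines per client IP: request count, bytes, hits."""
    report = defaultdict(
        lambda: {"requests": 0, "bytes": 0, "hits": defaultdict(list)}
    )
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at fields
        entry = report[m["ip"]]
        entry["requests"] += 1
        if m["size"] != "-":  # "-" means no response body was sent
            entry["bytes"] += int(m["size"])
        uri = unquote_plus(m["uri"])  # decode %3C, + and similar before matching
        for name, pattern in INDICATORS.items():
            if pattern.search(uri):
                entry["hits"][name].append(uri)
    return report

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Mar/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:13:56:01 +0000] "GET /item.php?id=1+UNION+SELECT+1,2 HTTP/1.1" 200 812 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:13:56:09 +0000] "POST /uploads/img.php HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Mar/2024:13:57:12 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
    'truncated line without the expected fields',
    '192.0.2.10 - - [10/Mar/2024:13:58:00 +0000] "GET /favicon.ico HTTP/1.1" 304 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, e in triage(SAMPLE).items():
        print(ip, e["requests"], e["bytes"], dict(e["hits"]))
```

Per-IP byte totals help spot unusually large responses worth checking for data exfiltration, and any hit should be confirmed against the error log and the files on disk.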