[Deprecated] Apache HTTP Server connector for Microsoft Sentinel
Important
Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. For more information, see Find your Microsoft Sentinel data connector.
The Apache HTTP Server data connector provides the capability to ingest Apache HTTP Server events into Microsoft Sentinel. Refer to Apache Logs documentation for more information.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | ApacheHTTPServer_CL |
Data collection rules support | Not currently supported |
Supported by | Microsoft Corporation |
Query samples
Top 10 Clients (Source IP)
ApacheHTTPServer
| summarize count() by SrcIpAddr
| top 10 by count_
Vendor installation instructions
Note
This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias ApacheHTTPServer and load the function code or click here. The function usually takes 10-15 minutes to activate after solution installation/update.
- Install and onboard the agent for Linux or Windows
Install the agent on the Apache HTTP Server where the logs are generated.
Logs from Apache HTTP Server deployed on Linux or Windows servers are collected by Linux or Windows agents.
- Configure the logs to be collected
Configure the custom log directory to be collected
- Select the link above to open your workspace advanced settings
- From the left pane, select Data, select Custom Logs and click Add+
- Click Browse to upload a sample of a Apache HTTP Server log file (e.g. access.log or error.log). Then, click Next >
- Select New line as the record delimiter and click Next >
- Select Windows or Linux and enter the path to Apache HTTP logs based on your configuration. Example:
- Windows directory:
C:\Server\bin\Apache24\logs\*.log
- Linux Directory:
/var/log/httpd/*.log
- After entering the path, click the '+' symbol to apply, then click Next >
- Add ApacheHTTPServer_CL as the custom log Name and click Done
Next steps
For more information, go to the related solution in the Azure Marketplace.