Page Comparison

...

Table 1-1: Port requirements for LCP communication.

Device configuration changes for log collection

Supported format for the Apache HTTP Server Access Logs

Common Log Format:

Defined in apache LogFormat by: %h %l %u %t \"%r\" %>s %b 

Combined Log Format:

Defined in apache LogFormat by: %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"

Configuring Apache HTTP Server Access Logs on Windows and Linux

Windows:

1. By default, Apache is installed in C:\Apache24. If you are using a different directory, adjust the paths accordingly.

2. The main configuration file is typically located at 'C:\Apache24\conf\httpd.conf'. Open httpd.conf in a text editor

3. Find the section in httpd.conf where logging is configured. It should have below entries,

LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined

4. Ensure you have a CustomLog directive pointing to your access log file. Add or modify the line to match the common or combined log format,

CustomLog "<Log Directory>/access.log" combined

5. Save httpd.conf and close the text editor.

6. Open command prompt as an administrator and restart the Apache service

httpd -k restart

Linux:

1. By default, and depending upon Linux distribution, Apache's configuration directory would be /etc/httpd or /etc/apache2. The main configuration file would be located at /etc/httpd/conf/httpd.conf or /etc/apache2/apache2.conf.

2. Based on Linux distribution, open httpd.conf or apache2.conf using text editor

vi /etc/httpd/conf/httpd.conf

or

vi /etc/apache2/apache2.conf

3. Find the section in httpd.conf/apache2.conf where logging is configured. It should have below entry,

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined

4. Ensure you have a CustomLog directive pointing to your access log file. Add or modify the line to match the combined log format,

CustomLog "<Log Directory>/access.log" combined

5. Save the configuration file

wq!

6. Restart the Apache service to apply the changes based on Linux distribution,

systemctl restart httpd

or

systemctl restart apache2

 Log Configuration via NxLog Agent

You can select any one of the below options to send logs to the LCP.

...

Steps to configure the sever via NxLog Agent for Non-TLS TCP Log flow on Windows using port - 10013

1. Download and Install NxLog agent from location https://nxlog.co/products/nxlog-community-edition/download

2. Go to services.msc and stop the nxlog service.

3. Go to folder "C:\Program Files (x86)\nxlog\data" and delete "configcache.dat".

4. For Windows Agent, go to installed location “C:\Program Files (x86)\nxlog\conf” and rename the attached NXLog.conf (Windows) to "nxlog.conf" and copy into this folder.

...

Steps to configure the sever via NxLog Agent for Non-TLS TCP Log flow on Linux (RHEL 7 and CentOS 7) using port - 10013

1. Download and Install NxLog agent from location https://nxlog.co/products/nxlog-community-edition/download (There are few dependencies that you need to install and then you can install nxlog on machine. Refer https://nxlog.co/documentation/nxlog-user-guide#deploy_rhel )

2. For Linux Agent, after installation go to installed location “/etc/nxlog.conf”. Rename attached NXLog.conf(Linux) to "nxlog.conf" and copy into this folder.

...

Please follow the below steps for Windows:

1. Go to services.msc and stop the nxlog service.

2. Go to folder "C:\Program Files (x86)\nxlog\data" and delete "configcache.dat".

3. For Windows Agent , go to installed location “C:\Program Files (x86)\nxlog\conf”. Rename attached NXLog.conf (Windows with TLS).conf to "nxlog.conf" and copy into this folder  

...

  4. Copy the certificate on Windows machine where nxlog agent is installed and mentioned this cert path in nxlog.conf against "CAFile".      Note:

Example: C:\Program Files (x86)\nxlog\cert\cert.pem

...

Please follow the below steps for Linux:

1. Stop the nxlog service using below command.

​systemctl stop nxlog

2. For Linux Agent, after installation go to installed location “/etc/nxlog.conf”. Rename attached NXLog.conf(Linux with TLS) to "nxlog.conf" and copy into this folder.

 Note:

  3. Copy the certificate on Linux machine where nxlog agent is installed and mentioned this cert path in nxlog.conf against "CAFile".      Note:

...

Example: /etc/cert.pem

  4. Replace “LCP_IP_Address” with actual LCP IP address in nxlog.conf.

...

Table 1-2: The Apache event collector (Syslog - 3844) properties to be configured by MDR are shown in the table.