Apache Logs
Overview
Evidence: Apache Logs
Description: Collect Apache Logs
Category: Applications
Platform: aix
Short Name: apcl
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
Apache HTTP Server logs on macOS record web server access, errors, and activities. These logs are found in various locations depending on installation method (system, Homebrew Intel, Homebrew Apple Silicon).
Data Collected
This collector gathers structured data about Apache logs.
Collection Method
This collector gathers Apache/httpd logs from multiple possible locations including system directories (/var/log/apache2), Homebrew installations (/usr/local, /opt/homebrew), and user-specific Homebrew logs.
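A way to enumerate those locations by hand and record a hash manifest before copying anything, as an added example that is not the collector's own code. `/var/log/apache2` comes from the text above; the `var/log/httpd` subpaths under the two Homebrew prefixes are an assumption (Homebrew's default layout), and user-specific locations are left out because the page does not name them.

```python
import hashlib
from pathlib import Path

# /var/log/apache2 is named on the page. The Homebrew subpaths are an
# assumption (default var/log/httpd layout); the page gives only the
# /usr/local and /opt/homebrew prefixes.
CANDIDATE_DIRS = [
    "/var/log/apache2",
    "/usr/local/var/log/httpd",
    "/opt/homebrew/var/log/httpd",
]


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large access logs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root="/", candidate_dirs=CANDIDATE_DIRS):
    """Return one record per regular file under each candidate directory."""
    manifest = []
    for d in candidate_dirs:
        base = Path(root) / d.lstrip("/")
        if not base.is_dir():
            continue  # this installation method is not present on the host
        for path in sorted(base.rglob("*")):
            # Skip symlinks so a planted link cannot pull in files from elsewhere.
            if path.is_symlink() or not path.is_file():
                continue
            st = path.stat()
            manifest.append({
                "source_dir": d,
                "path": str(path),
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": sha256_file(path),
            })
    return manifest


if __name__ == "__main__":
    for record in build_manifest():
        print(record)
```

Passing `root` as the mount point of a disk image runs the same enumeration against offline evidence instead of the live host.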
Forensic Value
Apache logs are critical for investigating web application attacks, unauthorized access attempts, data exfiltration, web shell activities, and understanding web server compromise. Access logs reveal attacker IP addresses, request patterns, and attack vectors.