Apache Logs
Overview
Section titled “Overview”Evidence: Apache Logs
Description: Collect Apache Logs
Category: Applications
Platform: linux
Short Name: apcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Section titled “Background”Apache HTTP Server logs on Linux record web server access, errors, and activities. Logs are located in /var/log/apache2 on Debian-based systems and /var/log/httpd on Red Hat-based systems, with custom installations potentially in /usr/local.
Data Collected
Section titled “Data Collected”This collector gathers structured data about apache logs.
Collection Method
Section titled “Collection Method”This collector gathers Apache logs from standard system locations including Debian-style (/var/log/apache2) and custom installations (/usr/local/var/log/httpd).
Forensic Value
Section titled “Forensic Value”Apache logs are critical for investigating web application attacks, SQL injection, XSS attacks, web shell uploads, data exfiltration, and unauthorized access. Access logs reveal attacker IPs, request patterns, and attack vectors.