Configuring Comprehensive Apache Logging

Configuring Comprehensive Apache Logging

Apache's flexible logging system allows detailed customization for security monitoring:

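# /etc/apache2/sites-available/secure-logging.conf
# Logging-only excerpt: the TLS directives for this virtual host (SSLEngine,
# certificate and key) are not shown here and must be configured separately.
<VirtualHost *:443>
    ServerName example.com

    # Access-log format for security analysis: the combined format plus the
    # request duration in microseconds (%D) and the negotiated TLS protocol and
    # cipher (%{...}x, provided by mod_ssl).
    # %h is the address of the connecting peer. Behind a reverse proxy or load
    # balancer that is the proxy's address unless the real client address is
    # restored (for example with mod_remoteip).
    # Referer and User-Agent are client-controlled; treat them as untrusted in
    # whatever parses or displays these logs.
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D %{SSL_PROTOCOL}x %{SSL_CIPHER}x" security_combined

    # Detailed format: millisecond timestamp, client source port (%{remote}p),
    # client-certificate subject DN (mod_ssl), bytes received and sent including
    # headers (%I/%O, mod_logio) and a per-request ID (%{UNIQUE_ID}e,
    # mod_unique_id) for correlating entries that belong to the same request.
    LogFormat "%{%Y-%m-%d %H:%M:%S}t.%{msec_frac}t %{remote}p %h %{SSL_CLIENT_S_DN}x %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D %I %O %{UNIQUE_ID}e" detailed_security

    # Request classification used by the conditional CustomLog lines below.
    # dontlog marks static assets and the health-check endpoint.
    # internal marks clients in 192.168.0.0/16 only; 10.0.0.0/8 and
    # 172.16.0.0/12 are not matched. Remote_Addr carries the same reverse-proxy
    # caveat as %h.
    SetEnvIf Request_URI "\.jpg$|\.jpeg$|\.gif$|\.png$|\.ico$|\.css$|\.js$" dontlog
    SetEnvIf Request_URI "^/health-check$" dontlog
    SetEnvIf Remote_Addr "^192\.168\." internal

    # Access logs, rotated daily (86400 s) with file names in local time (-l).
    # These rotatelogs invocations do not prune old files, so retention and
    # archival need a separate job.
    # dontlog was previously set but never referenced, so it filtered nothing.
    # It now keeps asset and health-check noise out of the summary log; the
    # detailed log stays unfiltered so every request remains available to an
    # investigation.
    CustomLog "|/usr/bin/rotatelogs -l /var/log/apache2/access.%Y%m%d.log 86400" security_combined env=!dontlog
    CustomLog "|/usr/bin/rotatelogs -l /var/log/apache2/detailed.%Y%m%d.log 86400" detailed_security

    # Error log; mod_ssl messages are raised to info for this virtual host.
    ErrorLog "|/usr/bin/rotatelogs -l /var/log/apache2/error.%Y%m%d.log 86400"
    LogLevel warn ssl:info

    # Forensic log: mod_log_forensic records each request with all of its
    # headers before processing and a completion marker afterwards. The headers
    # include Cookie and Authorization values, so restrict read access to these
    # files and handle them as sensitive data.
    <IfModule mod_log_forensic.c>
        ForensicLog "|/usr/bin/rotatelogs -l /var/log/apache2/forensic.%Y%m%d.log 86400"
    </IfModule>

    # ModSecurity audit logging
    <IfModule mod_security2.c>
        # A per-module LogLevel has to name a loaded module. ModSecurity 2.x
        # registers as security2_module, so the earlier "security:debug" matched
        # no module. The directive lives inside this block so the virtual host
        # still loads when ModSecurity is absent. debug is verbose; lower it once
        # rule tuning is finished.
        LogLevel security2:debug

        # Audit only transactions that are relevant: those flagged by a rule or
        # answered with a 5xx or a 4xx other than 404.
        SecAuditEngine RelevantOnly
        SecAuditLogRelevantStatus "^(?:5|4(?!04))"
        # Serial writes every entry to one file. That file is not rotated by the
        # rotatelogs pipes used elsewhere in this configuration, and it can hold
        # request data, so plan rotation and access control for it as well.
        SecAuditLogType Serial
        SecAuditLog /var/log/apache2/modsec_audit.log
        # NOTE(review): JSON output needs a ModSecurity 2.9.1+ build with YAJL
        # support - confirm for the installed package.
        SecAuditLogFormat JSON
    </IfModule>

    # Conditional logging: split the summary format by client origin so that
    # external traffic can be reviewed on its own.
    CustomLog "|/usr/bin/rotatelogs -l /var/log/apache2/external.%Y%m%d.log 86400" security_combined env=!internal
    CustomLog "|/usr/bin/rotatelogs -l /var/log/apache2/internal.%Y%m%d.log 86400" security_combined env=internal
</VirtualHost>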

# Global logging configuration
# LogIOTrackTTFB makes mod_logio measure the time to first byte, which a
# LogFormat can record with %^FB.
# NOTE(review): neither LogFormat defined in the virtual host above uses %^FB,
# so as written this setting adds nothing to the logs.
<IfModule mod_logio.c>
    LogIOTrackTTFB On
</IfModule>

# SSLStaplingErrorCacheTimeout sets how long, in seconds, a failed OCSP
# stapling response is cached. It does not log TLS handshake failures.
# Both directives below need mod_ssl to be loaded.
# NOTE(review): mod_ssl appears to report most handshake failures at info, so
# ssl:warn may not record them outside virtual hosts that set ssl:info - confirm
# against the error log before relying on it for detection.
SSLStaplingErrorCacheTimeout 600
LogLevel ssl:warn

Enable required modules:

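# Enable the modules the logging configuration depends on: mod_ssl for the
# %{...}x fields and the ssl LogLevel, mod_log_forensic for ForensicLog,
# mod_logio for %I/%O and mod_unique_id for %{UNIQUE_ID}e.
sudo a2enmod ssl log_forensic logio unique_id
# Validate the configuration first so that a syntax error is reported instead
# of leaving the server down after the restart.
sudo apache2ctl configtest && sudo systemctl restart apache2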