In order to use APACHE HTTP Server as a Data Source for Pluribus One WAS® it is first required to define a specific Access-Log format which will refer to as "ap_format" in the rest of this article. The communication between APACHE HTTP Server and Pluribus One WAS® is handled by sending a properly formated access-log by using the syslog mechanism. There are two different ways for users to implement the syslog mechanism, both are detailed later in this article:
- OPTION 1 [NOT RECOMMENDED]: Using the general APACHE configuration file.
- OPTION 2: Use a Pluribus One WAS® dedicated configuration file.
For more information about APACHE please refer to https://httpd.apache.org .
OPTION 1 - Using the general APACHE configuration file.
The APACHE Configuration File contains the general setting for an APACHE HTTP Server and its location depends on the OS of the HOST where APACHE HTTP Server is actually installed. Among the most common locations for the configuration file we can list: /etc/httpd/httpd.conf or /etc/httpd/conf/httpd.conf.
Please take into account that including the Pluribus One WAS® settings directly within this file is NOT RECOMMENDED because any changes to the configuration file will have a global effect on the entire APACHE HTTP Server installation and this can become a source of unexpected errors.
OPTION 2 - Using a dedicated configuration file.
Including all the required settings in a separate dedicated file is the RECOMMENDED solution because of the lower risk of causing unexpected errors. In case any mistake will be made during the configuration, the only consequence will be preventing Pluribus One WAS® from accessing the Data Source without causing any further problems or errors. The dedicated file location should be /etc/httpd/conf.d/attackprophecy_http.conf .
DISCLAIMER: APACHE allows to define several Access-Logs simultaneously. Adding this new definition won’t thus override previously defined Access-Log formats.
Creating and using a dedicated configuration file it is easy, just follow the three steps presented below:
STEP 1 - Load the module
By loading the module, a unique ID will be created for each Log entry. In order to load the module you just have to include the following instruction in the configuration file: LoadModule unique_id_module modules/mod_unique_id.so .
STEP 2 - Define an Access-Log format
Defining a specific Access-Log format for Pluribus One WAS® is very easy! Just include the following following LogFormat definition in the configuration file:
LogFormat "\"%{UNIQUE_ID}e\"|\"%t\"|\"%a\"|\"%{Host}i\"|
\"%U\"|\"%m\"|\"%H\"|\"%q\"|\"%{Referer}i\"|\"%>s\"|
\"%{User-Agent}i\"|\"%{Cookie}i\"|\"%{Content-Type}i\"|
\"%A\"|\"%{X-Forwarded-For}i\"|\"%{remote}p\"|\"%{local}p\"|
\"%O\"" ap_format
STEP 3 - Send the Access-Log
The last required action is sending the Access-Log via Syslog. In order to do it, you just have to include the following instruction in the configuration file:
CustomLog "|/usr/bin/logger --tag apache_ap: --udp --server IP_HOST_AP --port 514" ap_format
NOTE: Remember to replace the IP_HOST_AP field with the IP address of the host device where Pluribus One WAS® has been installed.