Package Contents Explained

This package consists of the following:

Package Contents - Parsers

This package contains the following parsers:

  • apache_access

    A parser for the Apache common and combined access log formats, extended with a custom server name field.

  • apache_error

    A parser for the Apache error log format.

Package Contents - Dashboards

Note that you can narrow the dataset used by the widgets to specific values of certain fields by using the parameter selection at the top of the dashboards: for common fields such as server name, or in some cases error type, you can select all values (*) or a single value.

Once you have made your parameter selections, click Apply and the widgets will update to show only the data matching the selected parameters. (When you click in the parameter selection, every widget on the dashboard that uses the parameters is shown with a blue outline.)

The package contains the following dashboards:

  • Overview

    A high-level overview of how your servers are performing, using data from the access logs. It includes the number of clients visiting, their locations, the requests per second for each server, the volume and type of media served to clients, and error volumes split by server and by client.

  • HTTP errors

    Focuses on the HTTP error codes observed in the access logs and includes breakdowns of 4xx and 5xx errors, their variation over time, and the servers and clients associated with the most errors.

  • Visitor insights

    Summarises key information about visitors to your web servers and sites, such as the sites referring visitors to your servers, their user agents, the locations of visitors, and the URLs they are requesting. There are also widgets that draw your attention to any matches for client IP addresses or referer domains against the LogScale indicator of compromise (IOC) database.

  • Error log analysis

    Summary information generated from the Apache error.log messages. Provides useful information on the operational health of your servers, including the top clients and servers associated with error logs, the most common error messages, and how error log volumes vary over time. Some of these widgets are best used together with the parameter selection to focus on a single server.

  • IOC matches for client IP

    Provides information on any client IP address matches found in the LogScale IOC database. Includes threat volumes over time and an analysis of Malware, Actors, Kill Chain phase and Threat Type, as well as a world map view.

  • IOC matches for referer domain

    Provides information on any referer domain matches found in the LogScale IOC database. Includes threat volumes over time and an analysis of Malware, Actors, Kill Chain phase and Threat Type, as well as a world map view.

Package Contents - Lookup Files

Status-code.csv - this file maps HTTP status codes to descriptions and is referenced in some widgets to provide a more user-friendly description of error responses alongside the raw status code.
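The following is an added example, not code from this package or from LogScale, showing in plain Python what the pieces described above do end to end: parsing Apache common and combined access log lines (with an assumed trailing server-name field standing in for the package's custom field), breaking 4xx/5xx errors down per server as the HTTP errors dashboard does, looking status codes up in a CSV shaped like Status-code.csv, and flagging client IPs and referer domains that appear in an indicator list, as the IOC widgets do. The log lines, the CSV contents and the indicator sets are all constructed for the example; the real LogScale parser fields and IOC database are not used.

```python
import csv
import io
import re
from collections import Counter
from urllib.parse import urlparse

# Apache "common" and "combined" access log formats, with an optional trailing
# server-name field. The package's apache_access parser carries a custom server
# name field; its exact position in the real log line is an assumption here.
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)")?'
    r'(?: (?P<server>\S+))?$'
)

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 '
    '"https://example.org/landing" "Mozilla/5.0" web01',
    '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /missing HTTP/1.1" 404 209 '
    '"-" "Mozilla/5.0" web01',
    '198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 500 512 '
    '"http://bad.example/" "curl/8.0" web02',
    # Plain "common" format: no referer, user agent or server field.
    '203.0.113.9 - - [10/Oct/2023:13:55:39 +0000] "GET /img/logo.png HTTP/1.1" 200 8457',
]

# Constructed stand-in for the package's Status-code.csv lookup file.
STATUS_CSV = """status,description
200,OK
404,Not Found
500,Internal Server Error
"""


def parse_line(line):
    """Parse one access log line into a dict, or return None if it matches neither format."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Derive the referer domain, which is what the IOC referer-domain widgets match on.
    rec["referer_domain"] = urlparse(rec["referer"]).hostname if rec["referer"] else None
    return rec


def parse_lines(lines):
    """Parse all lines, skipping any that do not match either format."""
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def load_status_descriptions(csv_text):
    """Load a status -> description map from CSV text shaped like Status-code.csv."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["status"]: row["description"] for row in reader}


def describe_status(status, descriptions):
    """Return 'code description' for a known status code, or the bare code otherwise."""
    return f"{status} {descriptions[status]}" if status in descriptions else status


def error_breakdown(records):
    """Count 4xx and 5xx responses per server (key None when the server field is absent)."""
    out = {"4xx": Counter(), "5xx": Counter()}
    for rec in records:
        cls = rec["status"][0]
        if cls in ("4", "5"):
            out[cls + "xx"][rec["server"]] += 1
    return {k: dict(v) for k, v in out.items()}


def ioc_matches(records, ioc_ips, ioc_domains):
    """Flag records whose client IP or referer domain appears in the given indicator sets."""
    hits = []
    for rec in records:
        indicators = []
        if rec["client"] in ioc_ips:
            indicators.append("client_ip")
        if rec["referer_domain"] in ioc_domains:
            indicators.append("referer_domain")
        if indicators:
            hits.append({"client": rec["client"], "server": rec["server"],
                         "referer_domain": rec["referer_domain"], "indicators": indicators})
    return hits


if __name__ == "__main__":
    records = parse_lines(SAMPLE_LINES)
    descs = load_status_descriptions(STATUS_CSV)
    for rec in records:
        print(rec["server"], rec["client"], describe_status(rec["status"], descs))
    print(error_breakdown(records))
    # Constructed indicator sets standing in for the LogScale IOC database.
    print(ioc_matches(records, {"198.51.100.7"}, {"bad.example"}))
```

The regex keeps the referer/user-agent pair and the server name optional so that a mixed stream of common-format and combined-format lines parses with one expression; a line that matches neither is dropped rather than half-parsed, which is the behaviour you want before feeding counts into a dashboard.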