Connect your Apache HTTP Server to Azure Sentinel

Important

The Apache HTTP Server connector is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

This article explains how to connect your Apache HTTP Server to Azure Sentinel. The Apache HTTP Server connector allows you to easily ingest your Apache HTTP Server logs to Azure Sentinel, so that you can view the data in workbooks, query it to create custom alerts, and incorporate it to improve investigation. Integration between Apache HTTP Server and Azure Sentinel makes use of local file processing by the Log Analytics agent.

Note

Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.

Prerequisites

  • You must have write permission on the Azure Sentinel workspace.

Configure and integrate Apache HTTP Server logs via Log Analytics agent

Configure Apache HTTP Server to send log files to your Azure workspace via the Log Analytics agent. Configure Log Analytics agent to read Apache HTTP Server log files.

  1. Follow instructions at https://httpd.apache.org/docs/2.4/logs.html to set up log files location in Apache HTTP Server.

  2. In the Azure Sentinel navigation menu, select Data connectors and then select Apache HTTP Server (Preview).

  3. Select Open connector page.

  4. Follow the instructions on the Apache HTTP Server page.

Find your data

After a successful connection is established, the data appears in Log Analytics under ApacheHTTPServer_CL.

Validate connectivity

It may take up to 20 minutes until your logs start to appear in Log Analytics.

Next steps

In this document, you learned how to connect Apache HTTP Server to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: