Vendors Apache Software Foundation Apache HTTP Server Apache Combined Log Format

Apache Combined Log Format

Standard HTTP access logs with extended client information

Apache HTTP Server Combined Log Format access logs recording all HTTP requests with client information, request details, response status, referrer, and user agent data

access-log http web-server combined-format traffic

PLAIN TEXT Format 14 Fields High Frequency Generator

Preview Sample View Schema

Overview

Records all HTTP requests to the Apache web server including client IP, authenticated user, timestamp, request method and URI, HTTP status code, response size, referrer URL, and user agent string.

When Generated:

Every HTTP/HTTPS request received by the Apache web server
GET, POST, PUT, DELETE, HEAD, OPTIONS, and other HTTP methods
Both successful requests and errors (2xx, 3xx, 4xx, 5xx status codes)
Requests to static content, APIs, web applications, and services

Security Relevance:

High

Compliance:

PCI DSS (Requirement 10.2 - Audit logging) HIPAA (Access logging requirements) SOX (Access audit trails) GDPR (Access logging for personal data) ISO 27001 (A.12.4.1 - Event logging)

Frequency Notes:

High-frequency events during business hours (900 events/hour or ~4 per second) with reduced activity during nights (120 events/hour) and weekends (150 events/hour). Typical for enterprise web applications and internal portals.

Resources

Documentation

Apache HTTP Server Documentation - Log Files official
Apache Module mod_log_config official
Combined Log Format Specification official
HTTP Status Codes Reference reference

Tools

GoAccess
Real-time web log analyzer and interactive viewer for Apache logs
AWStats
Advanced web statistics analyzer for Apache access logs
Splunk
Enterprise log aggregation and analysis platform

Generation Configuration

Base Frequency: 300 events/hour

Time Patterns:

business_hours night_hours weekend

Business Hours Multiplier: 3.0x

Night Hours Multiplier: 0.4x

Weekend Multiplier: 0.5x

Field Definitions

Complete field reference for this event type with data types, descriptions, and example values.

Field Name	Type	Required	Format	Description	Example	Possible Values
client_ip Source: random_private_ip()	String	Required	`IPv4 or IPv6`	IP address of the client making the request	`10.98.208.92`	—
virtual_host Source: registry.get_organization_field('domain') with random port	String	Required	`hostname:port`	Virtual host (domain:port) receiving the request	`apps.mclaneco.com:443`	—
authenticated_user Source: registry.get_random_user().username or '-'	String	Optional	`Username or '-'`	Username of authenticated user, or '-' if not authenticated	`nxrosar`	—
timestamp Source: now() \| format_datetime('%d/%b/%Y:%H:%M:%S %z')	DateTime	Required	`DD/Mon/YYYY:HH:MM:SS Timezone`	Date and time of the request	`20/Dec/2025:15:31:10 -0600`	—
request_method Source: random_choice(['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS'])	String	Required	`HTTP method verb`	HTTP request method	`POST`	`GET` — Retrieve resource `POST` — Submit data to server `PUT` — Update existing resource `DELETE` — Remove resource `HEAD` — Retrieve headers only `OPTIONS` — Check allowed methods
request_uri Source: random_choice of common application paths	String	Required	`URI path`	URI path and query string of the request	`/order-processing/UIDL/?v-uiId=0`	—
http_version Source: random_choice(['1.1', '2.0'])	String	Required	`HTTP/x.x`	HTTP protocol version used for the request	`HTTP/1.1`	`HTTP/1.1` — HTTP version 1.1 `HTTP/2.0` — HTTP version 2.0
status_code Source: random_weighted selection favoring successful responses	Integer	Required	`3-digit HTTP status code`	HTTP response status code	`200`	`200` — OK - Successful request `201` — Created - Resource created successfully `204` — No Content - Successful with no response body `301` — Moved Permanently - Resource moved `302` — Found - Temporary redirect `304` — Not Modified - Cached resource still valid `400` — Bad Request - Invalid request syntax `401` — Unauthorized - Authentication required `403` — Forbidden - Access denied `404` — Not Found - Resource not found `500` — Internal Server Error - Server error `502` — Bad Gateway - Upstream server error `503` — Service Unavailable - Server temporarily unavailable
response_size Source: random_int(0, 500000)	Integer	Required	`Bytes`	Size of response in bytes (0 if no content)	`416`	—
referer Source: random_choice of referrer URLs or '-'	String	Optional	`URL or '-'`	URL of the page that linked to the requested resource, or '-' if none	`https://apps.mclaneco.com/order-processing/`	—
user_agent Source: random_choice of realistic user agent strings	String	Required	`User agent string`	User agent string identifying the client software	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36`	—
backend_server Source: registry.get_random_device().hostname or fqdn with port	String	Optional	`hostname:port or '-'`	Backend server hostname/port that handled the request (if proxied), or '-'	`lpdstwasapp01.mclaneco.com:9083`	—
response_time_ms Source: random_int(100, 10000)	Integer	Optional	`Milliseconds`	Time taken to process the request in milliseconds	`4075`	—
keep_alive Source: random_choice([0, 1])	Integer	Optional	`0 or 1`	Keep-alive status (0 = connection closed, 1 = connection kept alive)	`0`	—

Details

Fields

High

Frequency

Feedback

No ratings yet