Apache HTTP Server
Apache httpd access and error logs — page/asset/API requests, bot crawlers (Googlebot, GPTBot), scanner probes, 3xx redirects, and correlated 4xx/5xx error log entries with module context.
Quick Start
uv tool install eventum-generator
git clone https://github.com/eventum-generator/content-packs.git
cd content-packs
eventum generate \
--path generators/web-apache/generator.yml \
--id apache \
--live-mode trueEvent Types
| Event ID | Description | Frequency | Category |
|---|---|---|---|
| access-success | Successful request (2xx/304) | ~68% | web |
| access-bot | Bot/crawler request | ~11% | web |
| access-client-error | Client error (4xx) | ~9% | web |
| access-redirect | Redirect (3xx) | ~5% | web |
| error-file-not-found | File not found (error log) | ~3.2% | web |
| access-server-error | Server error (5xx) | ~1.4% | web |
| error-module | Module error/warning | ~1.4% | web |
| error-notice | Operational notice | ~0.9% | web |
Realism Features
- Correlated access/error logs — 404 access events produce matching "File does not exist" error entries
- Correlated server errors — 5xx access events produce matching module error entries
- URL distribution — pages (30%), static assets (50%), API endpoints (20%)
- Bot traffic — Googlebot, bingbot, YandexBot, AhrefsBot, GPTBot with correct UA strings
- Attack surface probing — .env, wp-admin, phpMyAdmin, .git/config in 404 paths
- Content-aware response sizes — CSS/JS/image sizes match real-world ranges; 304 returns 0 bytes
Sample Output
{
"@timestamp": "2026-02-21T12:00:01.234567+00:00",
"event": {
"category": ["web"],
"dataset": "apache.access",
"module": "apache",
"outcome": "success"
},
"http": {
"request": { "method": "GET" },
"response": { "body": { "bytes": 12847 }, "status_code": 200 }
},
"url": { "original": "/products", "path": "/products" },
"user_agent": { "name": "Chrome", "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0" }
}Parameters
| Parameter | Default | Description |
|---|---|---|
| hostname | webserver01 | Server hostname |
| domain | example.com | Website domain name |
| agent_id | 9326664e-... | Filebeat agent ID |
| agent_version | 8.17.0 | Filebeat version |
Related Generators
Nginx Access & Error Logs
Nginx reverse proxy and web server — access logs with upstream timing, error logs with module context, bot/crawler traffic, scanner probes, and correlated 4xx/5xx error entries.
Cisco AnyConnect VPN
Cisco ASA AnyConnect SSL VPN — session lifecycle from RADIUS authentication through tunnel establishment, IP assignment, DAP policy evaluation, session roaming between gateways, to graceful disconnection.
Citrix NetScaler Gateway VPN
Citrix ADC / NetScaler Gateway VPN syslog events covering the full SSL VPN session lifecycle — authentication, login/logout, ICA application launches, TCP/UDP connection statistics, HTTP resource access, client security checks, session timeouts, and license limit alerts.