Create a Great Apache Dashboard in Nagios Log Server R2

Shamas Demoret
Technical Content Manager
Screenshot of a Nagios Log Server dashboard using the Map Panel to show the geographic origin of Apache hits.

Apache webserver log data contains a wealth of information to help you understand the functionality, usage, and security of your website. A great way to make use of this data is to create a custom Apache dashboard in Nagios Log Server to help you quickly review key pieces of data like HTTP status codes, the IPs hitting the server, and the top URLs visitors are accessing.

Setting up Your Apache Dashboard

Start Collecting Data

First off, you’ll need to set up your Apache webserver to send its logs upstream to your Log Server cluster. Simply click the green + Add Log Source button at the top of the interface and follow the instructions in the Apache Server section.

Build a Foundation and Save It

Once you have data coming in, navigate to Dashboards and select the built-in Nagios Log Server Search dashboard. Before making any changes, select Save as from the top menu and save the dashboard under a new name like Apache Dashboard, choosing either to save it as a personal dashboard (only visible to your login) or Global (visible to all Users).

Another approach would be to start with the built-in Empty Dashboard, but since Log Server Search already has an Events Over Time histogram panel and an All Events table, both of which we’ll want in our Apache dashboard, it saves time to start with it instead.

It’s also worth saving your Dashboard regularly as you build it, so you don’t lose any of your work if you bounce to another section of the interface accidentally.

Narrow the Field

Before we add panels, let’s narrow our results a bit to just focus on Apache logs. To do so, we’ll add two queries:

type: apache_access

type: apache_error

If there are other things you might like to see reflected in your Events Over Time histogram, you can add them as well. Things like the following simple queries might be worth paying attention to:

http.response.status_code:403

http.response.status_code:404

You can also simply click the 404 and 500 default query templates to load detailed queries focusing on those response codes and to use as a reference for creating your own more complex queries.

Screenshot of the Default Query Templates available in Nagios Log Server Dashboards.
Some helpful default response code queries are built in.

One advantage of combining multiple smaller queries is that the color you select for each query will appear in the Events Over Time panel, giving you quick visual insight into the volume of results reflecting each query:

Screenshot of some Queries for apache access and error data, and http response codes 403 & 404, and an Events Over Time histogram panel color-coded to show volume of each query.
Some starting Apache queries and the result in the Events Over Time histogram.

Add Your Custom Panels

Now that we’ve created a basic dashboard and narrowed down the data set to relevant logs, it’s time to add a few key panels to our Apache Dashboard.

To add a panel, click the + sign on the upper right, at the top of the Row.

Screenshot of a Nagios Log Server Dashboard, zoomed in on the upper right of a Row, with a yellow arrow pointing to the "+" sign which is clicked to add a new Panel.
Click “+” to add new Panels to your Dashboard.

Note that when your new Panel populates to the dashboard, it will appear at the bottom of the Row, below the All Events table. Simply click the top of any Panel you wish to move and drag it to where you want to place it, and resize Panels as needed by clicking and dragging from the bottom-right or bottom-left corner.

The following three options are a great start for Apache data analysis:

http Response Codes

This panel will show you the HTTP response codes generated by your webserver, helping you quickly identify things like broken pages (404 codes), visitors attempting to access unauthorized resources (403 codes), and webserver-side issues with completing requests (500 codes).

Field: http.response.status_code

Screenshot of a Log Server panel for http Response Codes.
Settings for an http Response Codes panel.

Apache Hits

This panel will provide insight into the top IP addresses of visitors to your site. You can adjust the ‘Count’ field in the Edit Panel form to show more or fewer IPs.

Field: source.address

Screenshot of an Apache hits panel focusing on the source.address opensearch field, which will be added to an Apache Dashboard in Nagios Log Server.
Settings for an Apache Hits panel.

Top URLs

This panel will enable you to see the top URLs visited on your site, providing insight into everything from user behavior to code injection attempts.

Field: url.original

Screenshot of the panel settings for a Nagios Log Server panel that will show Top URLs visited by site visitors based on Apache data.
Settings for a Top URLs panel.
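
To see what these three panels count, here is an added example (not part of the original article and not Nagios code): a Python sketch that parses Apache combined-format lines into the field names used above, takes top-N counts per field, and breaks the 403/404 responses down by source address. The sample lines, the regex and the function names are assumptions constructed for illustration; Log Server does its own parsing when it ingests the logs.

```python
import re
from collections import Counter

# Apache combined log format: addr ident user [time] "METHOD url proto" status size ...
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2025:10:00:04 +0000] "GET /old-page.html HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Mar/2025:10:00:06 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
this line is not in combined log format
203.0.113.7 - - [10/Mar/2025:10:00:08 +0000] "GET /missing.png HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

def parse_log(text):
    """Return (events, skipped); events use the field names from the panels."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        events.append({
            "source.address": m["addr"],
            "url.original": m["url"],
            "http.response.status_code": int(m["status"]),
        })
    return events, skipped

def top_terms(events, field, count=10):
    """Most frequent values of one field, like a panel's Field and Count."""
    return Counter(e[field] for e in events).most_common(count)

def errors_by_source(events, codes=(403, 404)):
    """Which addresses produce the 403/404 responses the queries highlight."""
    hits = [e for e in events if e["http.response.status_code"] in codes]
    return top_terms(hits, "source.address")

if __name__ == "__main__":
    events, skipped = parse_log(SAMPLE_LOG)
    print("parsed", len(events), "skipped", skipped)
    for field in ("http.response.status_code", "source.address", "url.original"):
        print(field, top_terms(events, field, 3))
    print("403/404 by source", errors_by_source(events))
```

The skipped count is worth watching on real data: lines that fail to parse never reach a field-based panel, so a large number means the dashboard is undercounting.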

Add a Map

Another awesome panel for Apache data is the Map panel, which enables you to leverage geoip data in your Apache logs to visualize where hits are coming from geographically.

Field: source.geo.location

Screenshot of the Add Panel menu for a Map panel which will use geoip data to show where Apache hits originated geographically.
Settings for the Map panel.

The Final Dashboard

With those panels added and customized, you now have a great Apache Dashboard to reference anytime you want to dig into the details.

Screenshot of a Nagios Log Server dashboard using the Map Panel to show the geographic origin of Apache hits.
Map the planet! …with Nagios Log Server.

You may also wish to get proactive alerts when certain events are collected, such as 404 response codes. You can learn more about turning queries into alerts in the following guide:

Alerting on Log Events with Nagios Log Server

You can learn more about creating and managing Dashboards and Queries here:

Analyzing Logs with Nagios Log Server R2

Finally, this article highlights all of the updates and enhancements in Nagios Log Server R2 in case you’re new to Log Server or are still running version 2024R1:
