

The NGINX logs are labeled with the tag.

Tag structure 

The elements environment, application and clon are free but mandatory: the user chooses their values to identify the event source, and they must always be present. The name of each element reflects its intended use:

  • environment: the environment where the event occurs (development, testing, production, etc.). The number and names of the environments are not fixed by Devo, since they can vary widely between facilities.
  • application: the web application name
  • clon: the name of the NGINX instance that caused the event. Depending on the customer, it could be a machine name, the virtual name of an NGINX process, etc.

The element type is fixed and identifies the type and format of the sent event. It can take one of the following values:

  • web.nginx.main
  • web.nginx.combined
  • web.nginx.access-lt
  • web.nginx.access-lt-xff
  • web.nginx.error

For more information on how tags work, please check the Introduction to tags article.

NGINX tag examples

  • web.nginx.main.des.miapp.srv1
  • web.nginx.main.des.miapp.srv2

Types of logs

These log types need to be defined in the NGINX configuration file as follows:

  • main

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
  • access_lt

    log_format access_lt '$msec $remote_addr - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"';
  • access_lt_xff

    log_format access_lt_xff '$msec $remote_addr "$http_x_forwarded_for" - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"';
  • combined - it is defined by default

The next step is to tell NGINX which file to write the logs to and which format to use. Here are some examples:

  • access_log /var/log/nginx/access.log main;
  • error_log /var/log/nginx/error.log;
  • access_log /var/log/nginx/nginx-webapp.log combined;

Restart NGINX after all changes have been applied.
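
To confirm that the lines NGINX writes really match the format the tag type claims before they are forwarded, the log_format strings above can be compiled into regular expressions and run over the log file. This is an added example, not code from Devo or NGINX; the function names, the sample lines, the pairing of each format with the type of the same name, and the type.environment.application.clon order (read off the tag examples) are assumptions.

```python
import re

# Field lists copied from the access_lt and access_lt_xff definitions above.
_TAIL = ('- $remote_user $host:$server_port "$request" "$uri" "$http_referer" '
         '"$http_user_agent" "$http_cookie" $status $request_completion '
         '$request_length $request_time $upstream_response_time $body_bytes_sent '
         '$bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"')
FORMATS = {  # assumed pairing: tag type -> log_format of the same name
    "web.nginx.access-lt": "$msec $remote_addr " + _TAIL,
    "web.nginx.access-lt-xff": '$msec $remote_addr "$http_x_forwarded_for" ' + _TAIL,
}

def compile_format(fmt):
    """Turn a log_format string into an anchored regex, one named group per variable."""
    out, pos = [], 0
    for m in re.finditer(r"\$(\w+)", fmt):
        out.append(re.escape(fmt[pos:m.start()]))
        before = fmt[m.start() - 1] if m.start() else ""
        # Quoted variables may hold spaces; NGINX's default log escaping writes a
        # literal double quote as \x22, so the value itself never contains '"'.
        value = r'[^"]*' if before == '"' else r"\S+"
        out.append(f"(?P<{m.group(1)}>{value})")
        pos = m.end()
    out.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(out) + "$")

PATTERNS = {tag_type: compile_format(fmt) for tag_type, fmt in FORMATS.items()}

def classify(line):
    """Return (type, fields) for the first format the line matches, else (None, {})."""
    for tag_type, pattern in PATTERNS.items():
        m = pattern.match(line.rstrip("\n"))
        if m:
            return tag_type, m.groupdict()
    return None, {}

def devo_tag(tag_type, environment, application, clon):
    """Join the fixed type with the three free elements (assumed order)."""
    return ".".join([tag_type, environment, application, clon])

# Constructed sample lines (not real traffic).
SAMPLE_LT = ('1700000000.123 203.0.113.7 - - shop.example.test:443 "GET /cart?id=1 HTTP/1.1" '
             '"/cart" "-" "curl/8.0" "-" 200 OK 120 0.004 0.003 512 780 - "-" "text/html"')
SAMPLE_XFF = SAMPLE_LT.replace('203.0.113.7 ', '203.0.113.7 "198.51.100.9, 10.0.0.2" ', 1)
```

A line for which classify returns None was written with a different format than the one the tag announces, which usually means the access_log directive names the wrong format.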

Sending to Devo

The standard method for sending is to configure NGINX to write the logs to file and rely on rsyslog to send the events.

  • An example configuration file is available for download.
  • The configuration steps to follow are described in the File monitoring via rsyslog article. Make sure you indicate the tag to send to Devo.
  • If you prefer to send in a secure way, check the Secure sending via rsyslog article.
  • Restart rsyslog after applying the changes.
