The NGINX logs are labeled with the web.nginx.type.env.app.clon tag.
The elements environment, application and clon are free, but mandatory. They can take the value chosen by the user to identify the event source and they must always be used. The name of each of these elements reflects the intended use:
- environment: the environment where the event occurs (development, testing, production, etc.). The number and name of the environments is not fixed by Devo, since there could be a lot of variation between facilities.
- application: the web application name
- clon: the name of the NGINX instance that caused the event. Depending on the customer, it could be a machine name, the virtual name of an NGINX process, etc.
The element type is fixed and it identifies the type and format of the sent event. This element can take one of the following values:
For more information on how tags work, please check the Introduction to tags article.
NGINX tags examples
Type of logs
These type of logs need to be defined in the NGINX configuration file as it follows:
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
log_format access_lt '$msec $remote_addr - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"';
log_format access_lt_xff '$msec $remote_addr "$http_x_forwarded_for" - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"';
- combined - it is defined by default
The next step is to indicate NGINX the file to write the logs and the format to use. Here are some examples:
- access_log /var/log/nginx/access.log main
- error_log /var/log/nginx/error.log
- access_log /var/log/nginx/nginx-webapp.log combined
Sending to Devo
The standard method for sending is to configure NGINX to write the logs to file and rely on rsyslog to send the events.
- You can download here an example of configuration file.
- The configuration steps to follow are described in the File monitoring via rsyslog article. Make sure you indicate the tag to send to Devo.
- If you prefer to send in a secure way, check the Secure sending via rsyslog article.
- Restart rsyslog after applying the changes.