Nginx
Nginx is a web server with a strong focus on high concurrency, performance and low memory usage. It can also act as a reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer and an HTTP cache.
All information about the activity of the Nginx server can be logged using the Syslog server, which can be configured to send all of the data to the Logmanager server.
-
Edit the Nginx server configuration file
/etc/nginx/nginx.conf
. -
See the section Logging Settings in part http and update the following parameters:
log_format nginx_lm '{ "user_agent": "$http_user_agent", ' '"@timestamp": "$time_iso8601", ' '"server_name": "$server_name", ' '"server_port": "$server_port", ' '"remote_host": "$remote_addr", ' '"remote_user": "$remote_user", ' '"duration": "$request_time", ' '"status": "$status", ' '"url_path": "$request_filename", ' '"url_query": "$args", ' '"bytes": "$body_bytes_sent", ' '"method": "$request_method", ' '"referer": "$http_referer" }'; access_log /var/log/nginx/access.log nginx_lm;
-
Restart the Nginx server with the command:
/etc/init.d/nginx restart
This completes the configuration of the Nginx server. Now continue with configuring Syslog-NG.
Syslog writes events generated by Linux. These messages are stored locally in individual files. Messages can be set to automatically forward to the Logmanager.
Please do the following steps:
-
According to the chapter Linux Syslog-NG, check the settings of the parameters: source and @include.
-
Create a file
/etc/syslog-ng/conf.d/nginx-forward-toLM.conf
. -
Paste the following code into it:
# configuring source source nginx_access { file( "/var/log/nginx/access.log" program_override("nginx") flags(no-parse) ); }; # logging destination on the Logmanager server destination d_logmanager { tcp("<Logmanager_IP_address>" port(514)); }; # action, i.e. sending the Nginx message to the Logmanager server log { source(nginx_access); destination(d_logmanager); };
Logmanager_IP_address is the IP address of your Logmanager server. -
Restart the Syslog-NG server with the command:
/etc/init.d/syslog-ng restart
Now your Nginx server will be sending logs to Logmanager.