Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Log source devices configuration
  4. /
  5. Nginx

Nginx

Nginx is a web server with a strong focus on high concurrency, performance and low memory usage. It can also act as a reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer and an HTTP cache.

All information about the activity of the Nginx server can be logged using the Syslog server, which can be configured to send all of the data to the Logmanager server.

Configuring Nginx server

  1. Edit the Nginx server configuration file /etc/nginx/nginx.conf.

  2. See the section Logging Settings in part http and update the following parameters:

    log_format nginx_lm '{ "user_agent": "$http_user_agent", '
   '"@timestamp": "$time_iso8601", '
   '"server_name": "$server_name", '
   '"server_port": "$server_port", '
   '"remote_host": "$remote_addr", '
   '"remote_user": "$remote_user", '
   '"duration": "$request_time", '
   '"status": "$status", '
   '"url_path": "$request_filename", '
   '"url_query": "$args", '
   '"bytes": "$body_bytes_sent", '
   '"method": "$request_method", '
   '"referer": "$http_referer" }';

access_log /var/log/nginx/access.log nginx_lm;

  3. Restart the Nginx server with the command: /etc/init.d/nginx restart

This completes the configuration of the Nginx server. Now continue with configuring Syslog-NG.

Configuring the Syslog-NG server

Syslog writes events generated by Linux. These messages are stored locally in individual files. Messages can be set to automatically forward to the Logmanager.

Sending Nginx messages to the Logmanager server

Please do the following steps:

  1. According to the chapter Linux Syslog-NG, check the settings of the parameters: source and @include.

  2. Create a file /etc/syslog-ng/conf.d/nginx-forward-toLM.conf.

  3. Paste the following code into it:

    # configuring source
source nginx_access {
   file(
      "/var/log/nginx/access.log"
      program_override("nginx")
      flags(no-parse)
   );
};

# logging destination on the Logmanager server
destination d_logmanager { tcp("<Logmanager_IP_address>" port(514)); };

# action, i.e. sending the Nginx message to the Logmanager server
log { source(nginx_access); destination(d_logmanager); };
    Logmanager_IP_address is the IP address of your Logmanager server.

  4. Restart the Syslog-NG server with the command: /etc/init.d/syslog-ng restart

Now your Nginx server will be sending logs to Logmanager.