Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Introduction
The tags beginning with web.
...
nginx
identify
...
events generated by the NGINX web server belonging to NGINX.
...
Valid tags and data tables
The full tag must have at least six 6 levels. The first two are fixed as web.nginx
. The third level identifies the log type /format and currently must be one of access-main, access-combined, access-lt, access-lt-xff, or error.
The fourth, fifth and sixth levels are required and should identify the environment type, web application, and instance respectively.
- environment - Describes the environment in when the event occurred. For example, development, testing, or production.
- web application - The name of the web application.
- clon - This is the instance that generated the event. Depending on your network, this can be a machine name, or the virtual name of an NGINX process.
The values of these levels should be guided by the structure we propose because they will be saved in the events when saved in Devo. When you open the resulting data table, these will appear in the environment, site and clon columns.
...
Technology
...
Brand
...
Log type/format
...
Environment
...
Web application
...
Clon
...
- access-main
- access-combined
- access-lt
- access-lt-xff
- error
free but required
...
Therefore, the valid tags include:
of events sent and the rest of them indicate the event subtypes (environment, application and clon).
Product / Service | Tags | Data tables |
---|---|---|
NGINX web server |
|
|
|
...
|
...
|
...
|
...
|
|
...
|
|
...
|
|
|
...
|
|
|
...
|
|
For more information, read more about Devo tags.
...
Expand | ||
---|---|---|
| ||
The format and location of the different access logs are defined using the |
...
|
...
block of the |
...
|
...
Code Block | ||||
---|---|---|---|---|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
|
...
|
...
For more information about NGINX logging, see the NGINX documentation.
|
For more information about NGINX logging, see the NGINX documentation.
...
How is the data sent to Devo?
We recommend that you use the rsyslog configuration files on the host machine to send log events to a Devo endpoint. See the Monitoring files using rsyslog and Secure sending using rsyslog articles for details about editing the rsyslog configuration file.
Note |
---|
Remember to restart rsyslog after editing the configuration file. |
Table structure
These are the fields displayed in these tables:
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
environment |
| venv | |
site |
| vsite | |
clon |
| vclon | |
serverdate |
|
| |
srcIp |
|
| |
user |
|
| |
method |
|
| |
url |
|
| |
protocol |
|
| |
statusCode |
|
| |
responseLength |
|
| |
referer |
|
| |
userAgent |
|
| |
srcIdentd |
|
| |
rawMessage |
|
| ✓ |
hostchain |
|
| ✓ |
hostname |
|
| |
tag |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
environment |
| venv | |
site |
| vsite | |
clon |
| vclon | |
rawMessage |
|
| ✓ |
serverdate |
|
| |
srcIp |
|
| |
serverName |
|
| |
serverPort |
|
| |
user |
|
| |
method |
|
| |
rawUrl |
|
| |
protocol |
|
| |
statusCode |
|
| |
url |
|
| |
referer |
|
| |
userAgent |
|
| |
connectionState |
|
| |
responseTime |
|
| |
upstreamResponseTime |
|
| |
requestLength |
|
| |
responseLength |
|
| |
bodyLength |
|
| |
requestContentType |
|
| |
responseContentType |
|
| |
gzipRatio |
|
| |
cookies |
|
| |
hostchain |
|
| ✓ |
tag |
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Field Transformation | Source field name | Extra fields | ||
---|---|---|---|---|---|---|
eventdate |
|
|
| |||
environment |
|
| venv | |||
site |
|
| vsite | |||
clon |
|
| vclon | |||
serverdate |
|
|
| |||
srcIp |
|
|
| |||
clientIp |
|
| pc as xForwardedFor | |||
serverName |
|
|
| |||
serverPort |
|
|
| |||
user |
|
|
| |||
method |
|
|
| |||
rawUrl |
|
|
| |||
protocol |
|
|
| |||
statusCode |
|
|
| |||
url |
|
|
| |||
referer |
|
|
| |||
userAgent |
|
|
| |||
connectionState |
|
|
| |||
xForwardedFor |
|
|
| |||
responseTime |
|
|
| |||
upstreamResponseTime |
|
|
| |||
requestLength |
|
|
| |||
responseLength |
|
|
| |||
bodyLength |
|
|
| |||
requestContentType |
|
|
| |||
responseContentType |
|
|
| |||
gzipRatio |
|
|
| |||
cookies |
|
|
| |||
rawMessage |
|
|
| ✓ | ||
hostchain |
|
|
| ✓ | ||
tag |
|
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
Field | Type | Field Transformation | Source field name | Extra fields | ||
---|---|---|---|---|---|---|
eventdate |
|
|
| |||
environment |
|
| venv | |||
site |
|
| vsite | |||
clon |
|
| vclon | |||
serverdate |
|
|
| |||
srcIp |
|
|
| |||
proxyChain |
|
|
| |||
clientIp |
|
| proxyChain pc as | |||
user |
|
|
| |||
method |
|
|
| |||
url |
|
|
| |||
protocol |
|
|
| |||
statusCode |
|
|
| |||
responseLength |
|
|
| |||
referer |
|
|
| |||
userAgent |
|
|
| |||
srcIdentd |
|
|
| |||
rawMessage |
|
|
| ✓ | ||
hostchain |
|
|
| ✓ | ||
tag |
|
|
| ✓ |
Anchor | ||||
---|---|---|---|---|
|
...
Related articles
...
error
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate |
|
| |
environment |
| venv | |
site |
| vsite | |
clon |
| vclon | |
serverdate |
|
| |
severity |
|
| |
pid |
|
| |
tid |
|
| |
cid |
|
| |
message |
|
| |
rawMessage |
|
| ✓ |
hostchain |
|
| ✓ |
tag |
|
| ✓ |