web.nginx
The tags beginning with web.nginx identify log events generated by the NGINX web server.
Tag structure
The full tag must have at least six levels. The first two are fixed as web.nginx. The third level identifies the log type/format and currently must be one of access-main, access-combined, access-lt, access-lt-xff, or error.
The fourth, fifth and sixth levels are required and should identify the environment type, web application, and instance respectively.Â
environment - Describes the environment in when the event occurred. For example, development, testing, or production.
web application - The name of the web application.
clon - This is the instance that generated the event. Depending on your network, this can be a machine name, or the virtual name of an NGINX process.
The values of these levels should be guided by the structure we propose because they will be saved in the events when saved in Devo. When you open the resulting data table, these will appear in the environment, site and clon columns.
Technology | Brand | Log type/format | Environment | Web application | Clon |
---|---|---|---|---|---|
web | nginx |
| free but required | free but required | free but required |
Therefore, the valid tags include:
web.nginx.access-main.env.app.clon
web.nginx.access-combined.env.app.clon
web.nginx.access-lt.env.app.clon
web.nginx.access-lt-xff.env.app.clon
web.nginx.error.env.app.clon
For more information, read more about Devo tags.
NGINX log types
The format and location of the different access logs are defined using the log_format and access_log directives within the "http" block of the nginx.conf file. Below find the specifications for each of the access log types supported by Devo.
Specification for web.nginx.access-main:
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
Specification for web.nginx.access-lt:
log_format accesslt '$msec $remote_addr - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie"
$status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio
"$http_content_type" "$upstream_http_content_type"';
access_log /var/log/nginx/access.log accesslt;
Specification for web.nginx.access-lt-xff:
log_format accessltxff '$msec $remote_addr "$http_x_forwarded_for" - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie"
$status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio
"$http_content_type" "$upstream_http_content_type"';
access_log /var/log/nginx/access.log accessltxff;
The log file that corresponds to the web.nginx.access-combined tag is defined by default.
The error log that corresponds to the web.nginx.error tag is defined by the error_log directive in the main context of the NGINX configuration file.
Remember to restart the server after editing the configuration file.
For more information about NGINX logging, see the NGINX documentation.
Sending NGINX events to Devo
We recommend that you use the rsyslog configuration files on the host machine to send log events to a Devo endpoint. See the Monitoring files using rsyslog and Secure sending using rsyslog articles for details about editing the rsyslog configuration file.
Remember to restart rsyslog after editing the configuration file.