Document toolboxDocument toolbox

web.nginx

The tags beginning with web.nginx identify log events generated by the NGINX web server.

Tag structure

The full tag must have at least six levels. The first two are fixed as web.nginx. The third level identifies the log type/format and currently must be one of access-main, access-combined, access-lt, access-lt-xff, or error.

The fourth, fifth and sixth levels are required and should identify the environment type, web application, and instance respectively. 

  • environment - Describes the environment in when the event occurred. For example, development, testing, or production.

  • web application - The name of the web application.

  • clon - This is the instance that generated the event. Depending on your network, this can be a machine name, or the virtual name of an NGINX process.

The values of these levels should be guided by the structure we propose because they will be saved in the events when saved in Devo. When you open the resulting data table, these will appear in the environment, site and clon columns.

Technology

Brand

Log type/format

Environment

Web application

Clon

Technology

Brand

Log type/format

Environment

Web application

Clon

web

nginx

  • access-main

  • access-combined

  • access-lt

  • access-lt-xff

  • error

free but required



free but required

free but required

Therefore, the valid tags include:

  • web.nginx.access-main.env.app.clon

  • web.nginx.access-combined.env.app.clon

  • web.nginx.access-lt.env.app.clon

  • web.nginx.access-lt-xff.env.app.clon

  • web.nginx.error.env.app.clon

For more information, read more about Devo tags.

NGINX log types

The format and location of the different access logs are defined using the log_format and access_log directives within the "http" block of the nginx.conf file. Below find the specifications for each of the access log types supported by Devo.

Specification for web.nginx.access-main:

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main;



Specification for web.nginx.access-lt:

log_format accesslt '$msec $remote_addr - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"'; access_log /var/log/nginx/access.log accesslt;



Specification for web.nginx.access-lt-xff:

log_format accessltxff '$msec $remote_addr "$http_x_forwarded_for" - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"'; access_log /var/log/nginx/access.log accessltxff;

The log file that corresponds to the web.nginx.access-combined tag is defined by default.

The error log that corresponds to the web.nginx.error tag is defined by the error_log directive in the main context of the NGINX configuration file.

Remember to restart the server after editing the configuration file.

For more information about NGINX logging, see the NGINX documentation.

Sending NGINX events to Devo

We recommend that you use the rsyslog configuration files on the host machine to send log events to a Devo endpoint. See the Monitoring files using rsyslog and Secure sending using rsyslog articles for details about editing the rsyslog configuration file.

Remember to restart rsyslog after editing the configuration file.