web.nginx

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with web.nginx identify events generated by the NGINX web server belonging to NGINX.

Valid tags and data tables

The full tag must have 6 levels. The first two are fixed as web.nginx. The third level identifies the type of events sent and the rest of them indicate the event subtypes (environment, application and clon).

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
NGINX web server	`web.nginx.access-combined.<env>.<app>.<clon>`	`web.nginx.accessCombined`
	`web.nginx.access-lt.<env>.<app>.<clon>`	`web.nginx.accessLt`
	`web.nginx.access-lt-xff.<env>.<app>.<clon>`	`web.nginx.accessLtXff`
	`web.nginx.access-main.<env>.<app>.<clon>`	`web.nginx.accessMain`
	`web.nginx.error.<env>.<app>.<clon>`	`web.nginx.error`

For more information, read more about Devo tags.

The format and location of the different access logs are defined using the log_format and access_log directives within the http block of the nginx.conf file. Below find the specifications for each of the access log types supported by Devo.

The log file that corresponds to the web.nginx.access-combined tag is defined by default.
Specification for web.nginx.access-lt:
log_format accesslt '$msec $remote_addr - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"'; access_log /var/log/nginx/access.log accesslt;
Specification for web.nginx.access-lt-xff:
log_format accessltxff '$msec $remote_addr "$http_x_forwarded_for" - $remote_user $host:$server_port "$request" "$uri" "$http_referer" "$http_user_agent" "$http_cookie" $status $request_completion $request_length $request_time $upstream_response_time $body_bytes_sent $bytes_sent $gzip_ratio "$http_content_type" "$upstream_http_content_type"'; access_log /var/log/nginx/access.log accessltxff;
Specification for web.nginx.access-main:
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main;
The error log that corresponds to the web.nginx.error tag is defined by the error_log directive in the main context of the NGINX configuration file.

For more information about NGINX logging, see the NGINX documentation.

Remember to restart the server after editing the configuration file.

How is the data sent to Devo?

We recommend that you use the rsyslog configuration files on the host machine to send log events to a Devo endpoint. See the Monitoring files using rsyslog and Secure sending using rsyslog articles for details about editing the rsyslog configuration file.

Remember to restart rsyslog after editing the configuration file.

Table structure

These are the fields displayed in these tables:

web.nginx.accessCombined
web.nginx.accessLt
web.nginx.accessLtXff
web.nginx.accessMain
web.nginx.error

web.nginx.accessCombined

Field	Type	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
environment	`str`	venv
site	`str`	vsite
clon	`str`	vclon
serverdate	`timestamp`
srcIp	`ip4`
user	`str`
method	`str`
url	`str`
protocol	`str`
statusCode	`int4`
responseLength	`int4`
referer	`str`
userAgent	`str`
srcIdentd	`str`
rawMessage	`str`		✓
hostchain	`str`		✓
hostname	`str`
tag	`str`		✓

web.nginx.accessLt

Field	Type	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
environment	`str`	venv
site	`str`	vsite
clon	`str`	vclon
rawMessage	`str`		✓
serverdate	`timestamp`
srcIp	`ip4`
serverName	`str`
serverPort	`int4`
user	`str`
method	`str`
rawUrl	`str`
protocol	`str`
statusCode	`int4`
url	`str`
referer	`str`
userAgent	`str`
connectionState	`str`
responseTime	`float8`
upstreamResponseTime	`float8`
requestLength	`int8`
responseLength	`int8`
bodyLength	`int8`
requestContentType	`str`
responseContentType	`str`
gzipRatio	`float8`
cookies	`str`
hostchain	`str`		✓
tag	`str`		✓

web.nginx.accessLtXff

Field	Type	Field Transformation	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
environment	`str`	venv
site	`str`	vsite
clon	`str`	vclon
serverdate	`timestamp`
srcIp	`ip4`
clientIp	`ip4`	pc as xForwardedFor
serverName	`str`
serverPort	`int4`
user	`str`
method	`str`
rawUrl	`str`
protocol	`str`
statusCode	`int4`
url	`str`
referer	`str`
userAgent	`str`
connectionState	`str`
xForwardedFor	`str`
responseTime	`float8`
upstreamResponseTime	`float8`
requestLength	`int8`
responseLength	`int8`
bodyLength	`int8`
requestContentType	`str`
responseContentType	`str`
gzipRatio	`float8`
cookies	`str`
rawMessage	`str`		✓
hostchain	`str`		✓
tag	`str`		✓

web.nginx.accessMain

Field	Type	Field Transformation	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
environment	`str`	venv
site	`str`	vsite
clon	`str`	vclon
serverdate	`timestamp`
srcIp	`ip4`
proxyChain	`str`
clientIp	`ip4`	proxyChain pc as
user	`str`
method	`str`
url	`str`
protocol	`str`
statusCode	`int4`
responseLength	`int8`
referer	`str`
userAgent	`str`
srcIdentd	`str`
rawMessage	`str`		✓
hostchain	`str`		✓
tag	`str`		✓

web.nginx.error

Field	Type	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
environment	`str`	venv
site	`str`	vsite
clon	`str`	vclon
serverdate	`timestamp`
severity	`str`
pid	`str`
tid	`str`
cid	`str`
message	`str`
rawMessage	`str`		✓
hostchain	`str`		✓
tag	`str`		✓