NGINX

Configure NGINX Log Source with observIQ

Supported Versions

NGINX versions

  • 1.18
  • 1.16
  • 1.15
  • 1.14

Configuration

Option

Description

Log Source

Log Source

Use this field to specify where your logs are coming from. When choosing the 'file' option, the agent reads in logs from the log paths specified below. When choosing the 'Kubernetes' options, the agent reads in logs from /var/log/containers based on the Pod and Container specified below.

--

Log Format

When choosing the 'default' option, the agent will expect and parse logs in a format that matches the default logging configuration. When choosing the 'observIQ' option, the agent will expect and parse logs in an optimized JSON format that adheres to the observIQ specification.

'file' or 'kubernetes'

Pod Name

Specify the Pod(s) running NGINX.

'kubernetes'

Container Name

Specify the Container(s) running NGINX. Typically, you can leave this as the default value of (*) and specify the Pod above.

'kubernetes'

Access Logs

Enable and specify the path to the NGINX Access logs

Note: you will only need to specify this path when using choosing 'file' as the Log Source.

'file' or 'kubernetes'

Error Logs

Enable and specify the path to the NGINX Error logs

Note: you will only need to specify this path when using choosing 'file' as the Log Source.

'file' or 'kubernetes'

Start At

Choose whether to start reading from the beginning or end of a file with "end" being the default.

'file' or 'kubernetes'

Log Formats

Default: If you're using the default logging configuration for NGINX, choose the default Log Format option in the Source configuration.

observIQ: For optimal NGINX parsing and enrichment, we recommend choosing the 'observIQ' log format, and updating your nginx.conf file using the below steps:

  1. Edit nginx.conf
  2. Add the observIQ log format to the http configuration
  3. Update the access log directive to use observiq log format
  4. Restart Nginx
log_format observiq '{"remote_addr":"$remote_addr","remote_user":"$remote_user","time_local":"$time_local","request":"$request","status":"$status","body_bytes_sent":"$body_bytes_sent","http_referer":"$http_referer","http_user_agent":"$http_user_agent","request_length":"$request_length","request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_response_length":"$upstream_response_length","upstream_response_time":"$upstream_response_time","upstream_status":"$upstream_status","proxy_add_x_forwarded_for":"$proxy_add_x_forwarded_for","bytes_sent":"$bytes_sent","time_iso8601":"$time_iso8601","upstream_connect_time":"$upstream_connect_time","upstream_header_time":"$upstream_header_time","http_x_forwarded_for":"$http_x_forwarded_for"}';

Example nginx.conf

http {
  ...
  log_format observiq '{"remote_addr":"$remote_addr","remote_user":"$remote_user","time_local":"$time_local","request":"$request","status":"$status","body_bytes_sent":"$body_bytes_sent","http_referer":"$http_referer","http_user_agent":"$http_user_agent","request_length":"$request_length","request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_response_length":"$upstream_response_length","upstream_response_time":"$upstream_response_time","upstream_status":"$upstream_status","proxy_add_x_forwarded_for":"$proxy_add_x_forwarded_for","bytes_sent":"$bytes_sent","time_iso8601":"$time_iso8601","upstream_connect_time":"$upstream_connect_time","upstream_header_time":"$upstream_header_time","http_x_forwarded_for":"$http_x_forwarded_for"}';
  access_log /var/log/nginx/access.log observiq;
  ...
}

Log Types

Types

nginx.access

nginx.error

Dashboards

After creating or updating or an NGINX Source, the [oiq] NGINX - Overview Dashboard and accompanying visualizations will be installed to your account automatically.

[oiq] NGINX - Overview[oiq] NGINX - Overview

[oiq] NGINX - Overview

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide here.