NGINX
Configure NGINX Log Source with BindPlane
Supported Versions
NGINX versions
- 1.18
- 1.16
- 1.15
- 1.14
Configuration
| Option | Description | Log Source |
|---|---|---|
| Log Source | Use this field to specify where your logs are coming from. When choosing the 'file' option, the agent reads in logs from the log paths specified below. When choosing the 'Kubernetes' options, the agent reads in logs from /var/log/containers based on the Pod and Container specified below. | -- |
| Log Format | When choosing the 'default' option, the agent will expect and parse logs in a format that matches the default logging configuration. When choosing the 'observIQ' option, the agent will expect and parse logs in an optimized JSON format that adheres to the observIQ specification. | 'file' or 'kubernetes' |
| Pod Name | Specify the Pod(s) running NGINX. | 'kubernetes' |
| Container Name | Specify the Container(s) running NGINX. Typically, you can leave this as the default value of (*) and specify the Pod above. | 'kubernetes' |
| Access Logs | Enable and specify the path to the NGINX Access logs Note: you will only need to specify this path when using choosing 'file' as the Log Source. | 'file' or 'kubernetes' |
| Error Logs | Enable and specify the path to the NGINX Error logs Note: you will only need to specify this path when using choosing 'file' as the Log Source. | 'file' or 'kubernetes' |
| Start At | Choose whether to start reading from the beginning or end of a file with "end" being the default. | 'file' or 'kubernetes' |
Log Formats
Default: If you're using the default logging configuration for NGINX, choose the default Log Format option in the Source configuration.
observIQ: For optimal NGINX parsing and enrichment, we recommend choosing the 'observIQ' log format, and updating your nginx.conf file using the below steps:
- Edit nginx.conf
- Add the observIQ log format to the http configuration
- Update the access log directive to use observiq log format
- Restart Nginx
log_format observiq '{"remote_addr":"$remote_addr","remote_user":"$remote_user","time_local":"$time_local","request":"$request","status":"$status","body_bytes_sent":"$body_bytes_sent","http_referer":"$http_referer","http_user_agent":"$http_user_agent","request_length":"$request_length","request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_response_length":"$upstream_response_length","upstream_response_time":"$upstream_response_time","upstream_status":"$upstream_status","proxy_add_x_forwarded_for":"$proxy_add_x_forwarded_for","bytes_sent":"$bytes_sent","time_iso8601":"$time_iso8601","upstream_connect_time":"$upstream_connect_time","upstream_header_time":"$upstream_header_time","http_x_forwarded_for":"$http_x_forwarded_for"}';
Example nginx.conf
http {
...
log_format observiq '{"remote_addr":"$remote_addr","remote_user":"$remote_user","time_local":"$time_local","request":"$request","status":"$status","body_bytes_sent":"$body_bytes_sent","http_referer":"$http_referer","http_user_agent":"$http_user_agent","request_length":"$request_length","request_time":"$request_time","upstream_addr":"$upstream_addr","upstream_response_length":"$upstream_response_length","upstream_response_time":"$upstream_response_time","upstream_status":"$upstream_status","proxy_add_x_forwarded_for":"$proxy_add_x_forwarded_for","bytes_sent":"$bytes_sent","time_iso8601":"$time_iso8601","upstream_connect_time":"$upstream_connect_time","upstream_header_time":"$upstream_header_time","http_x_forwarded_for":"$http_x_forwarded_for"}';
access_log /var/log/nginx/access.log observiq;
...
}
Log Types
| Types |
|---|
| nginx.access |
| nginx.error |
Advanced
For more information on the advanced configuration capabilities, see our detailed plugin guide here.
Updated almost 3 years ago