Required Blumira Module: Logger
To complete Log Collection for your Nginx Web Server, you will need to complete the Linux System Log Collection process first. Once you’ve completed that step, you can proceed on this page.
If you have a special logging configuration for your Nginx Web Server, you may need to tweak the following configuration. If you’re unsure, you can send your active Nginx configuration to [email protected] and we’ll make sure you get the correct configuration.
Configuring Nginx Web Server Logs
1) Check Your Nginx Config
As mentioned above, the following content expects that you will be logging out to
/var/log/nginx/error.log with appropriate log cycling – the Nginx default. If you have set this up in a different way through your vhosts or site configuration, you can replace the path in the later steps with those details.
Generally for default/not heavily modified configurations we would expect to see something like:
access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log;
2) Ensure Spool Exists
Rsyslog must spool the data for Nginx into a working directory. Since the previous step should already be complete which uses the same directory, this should not often be an issue. However, to avoid potential logging failures, run the following command to ensure that the folder defined below exists:
sudo ls /var/log/rsyslog
If for some reason you receive a No such file or directory error, run the following command.
sudo mkdir -v /var/spool/rsyslog if [ "$(lsb_release -ds | grep Ubuntu)" != "" ]; then sudo chown -R syslog:adm /var/spool/rsyslog fi
3) Add the Rsyslog Config File
Open or create the new Blumira Apache log configuration file:
sudo vim /etc/rsyslog.d/25-nginx.conf
You can also use nano, emacs, of your preferred text editor. The file just must be located at /etc/rsyslog.d/25-nginx.conf.
Copy and paste the following content into the file:
# Prep $ModLoad imfile $InputFilePollInterval 10 $PrivDropToGroup adm $WorkDirectory /var/spool/rsyslog # Apache Access File: $InputFileName /var/log/nginx/access.log $InputFileTag apache-access: $InputFileStateFile stat-apache-access $InputFileSeverity info $InputFilePersistStateInterval 20000 $InputRunFileMonitor # Apache Error File: $InputFileName /var/log/nginx/error.log $InputFileTag apache-error: $InputFileStateFile stat-apache-error $InputFileSeverity error $InputFilePersistStateInterval 20000 $InputRunFileMonitor # Tag, Forward to BLUNIX System Logger then Stop if $programname == 'apache-access' then stop if $programname == 'apache-error' then stop
As mentioned above, you can change the paths of the Access and Error file if they are located at a different path on your system.
4) Restart the Rsyslog Service
Restart the rsyslog service to start processing Nginx data via the new configuration.
sudo /etc/init.d/rsyslog restart
sudo service rsyslog restart
5) All Set!
No other actions should be required, Blumira will ingest and parse the Nginx logs appropriately.