NGINX is a prominent web server, reverse proxy server, and mail proxy utilized by many websites and applications to serve content to their users. One important aspect of managing a web server is logging, which refers to the process of recording information about the server's activity and performance.
Configuring Syslog on NGINX
- Log in to your NGINX HTTP Server device.
- Open the NGINX configuration file.
vi /etc/nginx/nginx.conf
- Add the following lines to the configuration file, replacing "syslog_server_hostname" with the Forwarder IP address. The port number is 11683.
error_log syslog:server=syslog_server_hostname:11683,facility=local7,tag=nginx,severity=error;
access_log syslog:server=syslog_server_hostname:11683,facility=local7,tag=nginx,severity=debug;
- Save the configuration file and restart Nginx.
service nginx restart
- There are several options that you can use to customize the way that Nginx sends syslog messages. Here are a few examples:
  - "facility": This option specifies the facility to which the log message should be sent. The facility is used to categorize log messages and can be used to filter log data on the syslog server. Common facilities include "local0" through "local7", "user", "daemon", and "system".
  - "tag": This option specifies a tag to be added to the log message. The tag can be used to identify the source of the log message, and can be used to filter log data on the syslog server.
  - "severity": This option specifies the severity level of the log message. Common severity levels include "emerg", "alert", "crit", "error", "warning", "notice", "info", and "debug".
- Once the configuration is complete, validate the logs in Chronicle by searching with the regular expression (".*") or with a specific hostname. The results show the log source types that are being ingested into Chronicle. The screenshot below is provided for reference.
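Before searching in Chronicle, it can help to confirm that the messages leaving NGINX carry the facility, severity and tag set in the configuration above. The following is an added example, not part of the original article: it decodes the syslog priority value (facility × 8 + severity) and the tag from a message header. The sample messages, the hostname `web01` and the function names are constructed for illustration.

```python
import re

# Severity names in numeric order 0..7, spelled as in the option list above.
SEVERITIES = ["emerg", "alert", "crit", "error", "warning", "notice", "info", "debug"]
# BSD-syslog header: <PRI>Mmm dd hh:mm:ss hostname tag: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$", re.S)


def facility_name(code):
    """Map a facility code to a name; local0..local7 are codes 16..23."""
    return f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"


def parse(line):
    """Split one syslog message into facility, severity, host, tag, message."""
    m = HEADER.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {"facility": facility_name(facility), "severity": SEVERITIES[severity],
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}


def matches_config(line, facility="local7", tag="nginx"):
    """True when the message carries the facility and tag set in nginx.conf."""
    rec = parse(line)
    return rec is not None and rec["facility"] == facility and rec["tag"] == tag


# Constructed sample messages (not captured from a real host).
SAMPLES = [
    '<187>Mar  4 10:15:02 web01 nginx: 2024/03/04 10:15:02 [error] 1234#1234: '
    '*1 open() "/usr/share/nginx/html/x" failed (2: No such file or directory)',
    '<191>Mar  4 10:15:03 web01 nginx: 203.0.113.10 - - '
    '[04/Mar/2024:10:15:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    "<30>Mar  4 10:15:04 web01 cron: job started",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(matches_config(sample), parse(sample))
```

With the configuration above, error log entries at NGINX's error level arrive with priority 187 (local7, error) and access log entries with priority 191 (local7, debug); anything else on the same port did not come from these two directives.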