Nginx Logs
Loggly provides the infrastructure to aggregate and normalize log events so they are available to explore interactively, build visualizations, or create threshold-based alerting. In general, any method to send logs from a system or application to an external source can be adapted to send logs to Loggly. The following instructions provide one scenario for sending logs to Loggly.
Nginx logs its access and error logs to files. Syslog daemons such as rsyslog can monitor these files and send them to Loggly. This guide assumes you use rsyslog 5.8 or higher, TCP over port 514, the standard Nginx log directory for Ubuntu, and the default log format. The script has been tested with Nginx version 1.10.0 and 1.4.6. For alternatives, please see the Advanced Options section on setting up Nginx server logs and click here for our information on the Nginx log analyzer.
Automatic Nginx Script
1. Run The Configure Nginx Script
Run our automatic configure-nginx script below to setup Nginx logging and send the logs to Loggly through your syslog daemon. Alternatively, you can follow our manual configuration instructions below.
curl -O https://www.loggly.com/install/configure-nginx.sh sudo bash configure-nginx.sh -a SUBDOMAIN -u USERNAME
Replace:
- SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
- USERNAME: your Loggly username, which is visible at the top right of the Loggly console
You will need to enter your system root password so it can update your rsyslog configuration. It will then prompt for your Loggly password.
2. Verify Events
Search Loggly for events with the nginx tag.
tag:nginx
Click on one of the logs to show a list of Nginx fields (see screenshot below). If you don’t see them, please check that you are using one of our automatically parsed formats.
3. Use Your Logs
Get value from your logs by solving problems and proactively preventing them. These guides are written for Apache web server, but the examples and use cases are also relevant for Nginx.
Troubleshoot Web Server Problems – Find the root cause of Apache errors or unusual traffic patterns
Web Server Alerts and Dashboards – Monitor for Apache errors and slow response time
Manual Nginx Configuration
1. Configure Syslog Daemon
If you haven’t already, run our automatic Configure-Syslog script below to setup rsyslog. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.
curl -O https://www.loggly.com/install/configure-linux.sh sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME
Replace:
- SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
- USERNAME: your Loggly username, which is visible at the top right of the Loggly console
2. Setup Nginx File Monitoring
Create or open your rsyslog configuration file for nginx:
sudo vim /etc/rsyslog.d/21-nginx-loggly.conf
Copy in the additional configuration below to add file monitoring for Nginx access logs and Nginx error logs.
$ModLoad imfile $InputFilePollInterval 10 $PrivDropToGroup adm $WorkDirectory /var/spool/rsyslog # Nginx access file: $InputFileName /var/log/nginx/access.log $InputFileTag nginx-access: $InputFileStateFile stat-nginx-access $InputFileSeverity info $InputFilePersistStateInterval 20000 $InputRunFileMonitor #Nginx Error file: $InputFileName /var/log/nginx/error.log $InputFileTag nginx-error: $InputFileStateFile stat-nginx-error $InputFileSeverity error $InputFilePersistStateInterval 20000 $InputRunFileMonitor #Add a tag for nginx events $template LogglyFormatNginx,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"nginx\"] %msg%\n" if $programname == 'nginx-access' then @@logs-01.loggly.com:514;LogglyFormatNginx if $programname == 'nginx-access' then ~ if $programname == 'nginx-error' then @@logs-01.loggly.com:514;LogglyFormatNginx if $programname == 'nginx-error' then ~
Replace:
- TOKEN: your customer token from the source setup page
Note: If your Nginx access.log and error.log are in a different location, then please update the path above after $InputFileName.
Restart rsyslogd
$ sudo service rsyslog restart
3. Verify Events
Search Loggly for events with the nginx tag over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below. They may come in labeled as Apache because we use the same parser for both.
tag:nginx
Click on one of the logs to show a list of Nginx fields. If you don’t see them, please check that you are using one of our automatically parsed formats.
4. Use Your Logs
Get value from your logs by solving problems and proactively preventing them. These guides are written for Apache web server, but the examples and use cases are also relevant for Nginx.
Troubleshoot Web Server Problems – Find the root cause of Apache errors or unusual traffic patterns
Web Server Alerts and Dashboards – Monitor for Apache errors and slow response time
Advanced Nginx Logging Options
- Automated Parsing for Nginx – contains nginx formats we parse automatically. It uses the same format types as Apache
- Logging directly to syslog – if you prefer not to use files
- Elastic Beanstalk config for Nginx – uses AWS Elastic Beanstalk to configure Nginx logging
- Streaming Syslog – send syslog to Loggly without writing log files, available in nginx 1.7.1 or higher
- Script Source on GitHub – View the source or suggest improvements
- Log Rotation – if you use log rotation, you must add commands to refresh the files
- Search or post your own Nginx logs or Nginx configuration questions in the community forum or read our Nginx log analysis post here.
Nginx Logs Troubleshooting
If you don’t see any data show up in the verification step, then check for these common problems.
Check Nginx:
- Wait a few minutes in case indexing needs to catch up
- Make sure you replaced your customer token in the configuration file
- Check the nginx log files to make sure they exist and you have the right path and permissions
- Try sending a test log with an nginx tag: logger -t nginx-access test
Check Your Syslog Daemon:
SELinux Error:
- Sample Error Messages:
ERROR: selinux status is 'Enforcing'. Please manually restart the rsyslog daemon or turn off selinux by running 'setenforce 0' and then rerun the script.
If you see this error then you will need to disable the SELinux by setting it to permissive mode using the below command:
sudo setenforce 0
Still Not Working?
- Search or post your own questions on Nginx error logs, access logs, log rotation, debugging Nginx, and more in the community forum.
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.