NGINX logs
The agent collects NGINX access logs to provide visibility into web traffic, including request paths, status codes, and client information. This enables real-time monitoring of your web server’s health and usage patterns.
Setup
Monitoring NGINX logs requires the log files to be in the standard /var/log/nginx/ location. The agent uses system capabilities (CAP_DAC_READ_SEARCH) to read records; if these are disabled, you must grant the simob-agent user explicit read access to the log directory.
Expected log format
The agent expects the default NGINX access log format. It specifically parses the standard timestamp [day/month/year:hour:minute:second zone] to ensure accurate event ordering:
[02/Jan/2006:15:04:05 -0700]If you have customized your log_format directive, make sure it still includes the $time_local variable in its default bracketed format.
Configuration
Log collection is enabled by default for NGINX. No additional configuration is required.
Logs
The agent automatically parses structured information from NGINX access logs to provide searchable metadata:
Labels
| Label | Description | Example / Values |
|---|---|---|
timestamp | Extracted from the log entry for accurate event ordering. | 02/Jan/2006:15:04:05 -0700 |
source | Identifies the origin collector. | nginx |
Troubleshooting
Verify file access
Manually check if the simob-agent user can read the NGINX access log:
sudo -u simob-agent head -n 1 /var/log/nginx/access.logCheck log persistence
If logs are not appearing in the dashboard, ensure that NGINX is actively writing to the expected files in /var/log/nginx/.