Nginx Access Logs

The agent collects Nginx access logs to provide visibility into web traffic, including request paths, status codes, and client information.

How it works

The agent uses the nginx collector to tail log files matching the pattern /var/log/nginx/*.log.

It automatically parses the standard Nginx access log format to extract structured metadata. Key information like the timestamp is parsed from the [02/Jan/2006:15:04:05 -0700] format to ensure accurate event ordering in the dashboard.

Access requirements

By default, the simob-agent system service is granted read access to log files through system-wide capabilities (such as CAP_DAC_READ_SEARCH on Linux).

These capabilities allow the agent to monitor logs without requiring the user to be part of specific groups (like adm or www-data).

If this capability-based access is disabled (for example, when using the --no-system-read installation flag), you must ensure that the simob-agent user has explicit read permissions for the log files.

To verify access manually:

sudo -u simob-agent head -n 1 /var/log/nginx/access.log