NGINX Web Server
Seer Box side configuration
To set NGINX as the source, select the NGINX Web Server value in the Log type field in step 3 of the traffic source creation.
No additional fields are required.
Source side configuration
Seer Box can receive HTTP traffic from NGINX by using NGINX's ability to send access logs via UDP.
References
https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#setting-up-the-access-log
Configuration directory
/etc/nginx/
Log format
To define a new log format compatible with Seer Box, use the log_format directive, as shown below:
log_format sb_log '"$msec"|"$request_id"|"$server_addr"|"$server_port"|"$remote_addr"|"$request_method"|"$uri"|"$query_string"|"$server_protocol"|"$server_name"|"$http_host"|"$http_user_agent"|"$http_referer"|"$http_accept"|"$http_cookie"|"$http_content_type"|"$request_body"|"$request_length"|"$status"|"$http_x_forwarded_for"|"$sent_http_content_type"|"$bytes_sent"';
Sending logs
To send logs, configure the access_log directive for each virtual host to be monitored, as shown below:
access_log syslog:server=IP_HOST_SB:PORT_SB,tag=nginx_sb sb_log;
Variables to be replaced
IP_HOST_SB: IP address of the Seer Box instance.
PORT_SB: the port of the Seer Box listening interface, related to the configured traffic source. The port number can be found under the source detailed information in the Seer Box web interface, on the Settings - Traffic Sources page.
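Before pointing a virtual host at Seer Box, the datagrams NGINX emits can be checked against the sb_log layout above. The following Python parser is an added example, not part of the Seer Box documentation or product; it assumes NGINX's default log escaping (\xXX for quotes, backslashes and non-printable bytes) and default syslog header, and its sample datagram is constructed.

```python
import re

# Field names in the order they appear in the sb_log format above.
SB_FIELDS = [
    "msec", "request_id", "server_addr", "server_port", "remote_addr",
    "request_method", "uri", "query_string", "server_protocol", "server_name",
    "http_host", "http_user_agent", "http_referer", "http_accept",
    "http_cookie", "http_content_type", "request_body", "request_length",
    "status", "http_x_forwarded_for", "sent_http_content_type", "bytes_sent",
]
# NGINX syslog framing: "<PRI>", timestamp, hostname, then "nginx_sb: " + line.
SYSLOG_RE = re.compile(rb"^<(\d{1,3})>(.*?)\bnginx_sb: (.*)$", re.S)
ESCAPE_RE = re.compile(rb"\\x([0-9A-Fa-f]{2})")

def unescape(value: bytes) -> str:
    """Undo NGINX default log escaping (\\xXX) in a single pass."""
    raw = ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), value)
    return raw.decode("utf-8", errors="replace")

def parse_sb_datagram(datagram: bytes) -> dict:
    """Parse one UDP syslog datagram carrying an sb_log line."""
    m = SYSLOG_RE.match(datagram.rstrip(b"\n"))
    if not m:
        raise ValueError("not an nginx_sb syslog message")
    body = m.group(3)
    if len(body) < 2 or not (body.startswith(b'"') and body.endswith(b'"')):
        raise ValueError("sb_log line must start and end with a quote")
    # A '"' inside a value is logged as \x22, so '"|"' only separates fields.
    parts = body[1:-1].split(b'"|"')
    if len(parts) != len(SB_FIELDS):
        raise ValueError(f"expected {len(SB_FIELDS)} fields, got {len(parts)}")
    return {name: unescape(p) for name, p in zip(SB_FIELDS, parts)}

# Constructed sample values (documentation addresses, not real traffic).
SAMPLE_VALUES = [
    b"1704449702.123", b"0123456789abcdef0123456789abcdef", b"192.0.2.10",
    b"443", b"198.51.100.7", b"POST", b"/login", b"-", b"HTTP/1.1",
    b"www.example.test", b"www.example.test", b"curl/8.4.0", b"-", b"*/*",
    b"-", b"application/json", rb"{\x22user\x22:\x22a|b\x22}", b"187",
    b"200", b"-", b"text/html", b"512",
]
SAMPLE = b"<190>Jan  5 10:15:02 web01 nginx_sb: " + b"|".join(
    b'"' + v + b'"' for v in SAMPLE_VALUES)

if __name__ == "__main__":
    for name, value in parse_sb_datagram(SAMPLE).items():
        print(f"{name:24} {value}")
```

A datagram that is cut short or uses a different log format fails the field-count or quoting check instead of being silently misread.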