Nginx Logstash Configuration
Ship logs from NGINX to logstash
Configure Filebeat to ship logs from a NGINX web server to Logstash and Elasticsearch.
Follow this step by step guide to get 'logs' from your system to Logit.io:
Step 2 - Enable the NGINX Module
There are several built in filebeat modules you can use. You will need to enable the nginx module.
deb/rpm
sudo filebeat modules list
sudo filebeat modules enable nginx
macOS
cd <EXTRACTED_ARCHIVE>
./filebeat modules list
./filebeat modules enable nginx
Windows
cd <EXTRACTED_ARCHIVE>
.\filebeat.exe modules list
.\filebeat.exe modules enable nginx
Additional module configuration can be done using the per module config files located in the modules.d folder, most commonly this would be to read logs from a non-default location
deb/rpm /etc/filebeat/modules.d/
mac/win <EXTRACTED_ARCHIVE>/modules.d/
- module: nginx
# Access logs
access:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/custom/path/to/logs"]
# Error logs
error:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/custom/path/to/logs"]
# Ingress-nginx controller logs. This is disabled by default. It could be used in Kubernetes environments to parse ingress-nginx logs
ingress_controller:
enabled: false
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
#var.paths:
Step 3 - Update your configuration file
The configuration file below is pre-configured to send data to your Logit.io Stack via Logstash.
Copy the configuration file below and overwrite the contents of filebeat.yml.
# ============================== Filebeat modules ==============================
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
#reload.period: 10s
# ================================== Outputs ===================================
# ------------------------------ Logstash Output -------------------------------
output.logstash:
hosts: ["your-logstash-host:your-ssl-port"]
loadbalance: true
ssl.enabled: true
# ================================= Processors =================================
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
If you’re running Filebeat 7 add this code block to the end. Otherwise, you can leave it out.
# ... For Filebeat 7 only ...
filebeat.registry.path: /var/lib/filebeat
If you’re running Filebeat 6 add this code block to the end. Otherwise, you can leave it out.
# ... For Filebeat 6 only ...
registry_file: /var/lib/filebeat/registry
Validate your YAML
It’s a good idea to run the configuration file through a YAML validator to rule out indentation errors, clean up extra characters, and check if your YAML file is valid. Yamllint.com is a great choice.
Step 4 - Validate configuration
If you have issues starting in the next step, you can use these commands below to troubleshoot.
Let's check the configuration file is syntactically correct by running directly inside the terminal.
If the file is invalid, will print an error loading config file error message with details on how to correct the problem.
deb/rpm
sudo -e -c /etc//.yml
macOS
cd <EXTRACTED_ARCHIVE>
sudo ./ -e -c .yml
Windows
cd <EXTRACTED_ARCHIVE>
.\.exe -e -c .yml
Step 5 - Start filebeat
Start or restart to apply the configuration changes.
Step 6 - Check Logit.io for your logs
Now you should view your data:
If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 7 - how to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.
Step 8 - NGINX dashboard
The NGINX module comes with predefined Kibana dashboards. To view your dashboards for any of your Logit.io stacks, launch Kibana and choose Dashboards.
Step 9 - NGINX Logs Overview
NGINX is an open-source HTTP server and reverse proxy that was created by Igor Sysoev & released in 2004. It has gone on to power many of the web’s highest traffic sites (including Netflix, Google & Wordpress) as it is a highly reliable server for enabling businesses to scale their operations.
Viewing NGINX log files can allow you to see spikes in 5XX/4XX status codes affecting the performance of your applications, and allow your Dev teams to drill down into the data to resolve errors. Analysing these at scale can rapidly drain your resources if your teams need to configure separate parsing, configuration, visualisation and reporting tools for a single large NGINX instance.
Many NGINX log analyzers can slow down the process of troubleshooting & increase time to resolution unnecessarily as they often struggle to process large amounts of log data. The Logit.io log management platform is built on ELK and can easily process large amounts of NGINX server data for root cause analysis.
Our platform is built to scale with your infrastructure, once data is migrated to your ELK Stack you’ll be able to benefit from automatic parsing with Logstash and visualise your NGINX metrics in Kibana. Alert on errors and notify your teams of spikes in real-time with our integrated alerting features that can send notifications to a variety of sources including Jira, Opsgenie, Slack, PagerDuty & Webhooks.
In case you need any further assistance with sending your NGINX data to Logstash & Elasticsearch we're here to help. Just get in touch with our support team via live chat & we'll be happy to assist.