Collect Nginx Logs
Reveald (opens in a new tab) is an easy-to-use, performant, efficient, and open source log and event collection daemon for endpoint collection.
We can use reveald to collect nginx logs to be visualized in RunReveal. In this guide, we'll install, configure and run reveald on the machine running nginx (or a host that is visible on the network from the host running nginx).
First, download a reveald release for the operating system and architecture of the host you'll be running the daemon on from the releases page here (opens in a new tab). (https://github.com/runreveal/reveald/releases (opens in a new tab)) Extract the package to a directory of your choosing on the host.
Next, login to RunReveal and create a structured webhook source. This will give us a webhookURL needed to configure a destination in reveald to send our data to runreveal. You can create a source directly using this link (opens in a new tab)
Here is a sample configuration for the syslog listener for which we'll be
sending our logs. Replace {{YOUR-RUNREVEAL-WEBHOOKURL}}
with the webhook
received from the UI in the step above.
{
"sources": {
"nginx-logs": {
"type": "nginx_syslog",
"addr": "127.0.0.1:5514",
},
},
"destinations": {
"rr-dest": {
"type": "runreveal",
"webhookURL": "{{YOUR-RUNREVEAL-WEBHOOKURL}}",
},
},
}
We can run reveald pointing at the configuration like so (assuming you download it to the same directory as the binary).
./reveald run --config=./config.json
Now, add this access_log
line to the server
block for the sites that you
wish to receive access logs from. If you're not running reveald on the same
host as nginx, replace the localhost address 127.0.0.1
with the host IP you've
configured reveald to listen on.
server {
access_log syslog:server=127.0.0.1:5514 combined;
# ... other config ...
}
Test your nginx config and reload the nginx process:
sudo nginx -s reload
You should now be getting logs in your RunReveal workspace! Let's run some queries on RunReveal once you've gotten some traffic to the site you've configured.
That's it! If you encounter any problems setting this up, please feel free to reach out on our discord, via the chat bubble on the website, or via [email protected].