July 30, 2019 By Jovan Hernandez

How to Monitor NGINX Logs with Sumo Logic

If you’re just joining us, I highly advise you to go back and check out the first two parts of this three-part series on NGINX and Sumo Logic, where we go over a basic Introduction to NGINX and also Touch Up On NGINX, Logs, and Why Logs Are Important. If you’ve been following along, then great, let’s jump right into it.

NGINX and Sumo Logic

I briefly touched on Sumo Logic and why it’s important for any administrator, engineer, or web master to capture, cache, monitor, and ingest logs for any web server they’re using within their infrastructure environment. Error logs and access logs are the main source of information when it comes to figuring out what’s wrong with your server, why it’s crashing, who’s accessing it, from where, when, and how in terms of location, end user patterns, and client endpoints. Even the best Linux and Windows server wizards have a tough time wrangling all the log files, and with environments that can span hundreds of thousands of servers, every administrator could use a little (or a lot) of help.

In comes Sumo Logic.

Sumo Logic and Log Ingestion

Sumo Logic, in short, takes all of your logs, centralizes them in one location, provides insight that isn’t obvious to the naked eye, and provides dashboards, pattern recognition, and availability at scale. If logs are an x-ray or fingerprint report of your server, Sumo Logic provides visibility and makes sense of all the health metrics your server is giving off without muddying the important information.

Sumo Logic helps your log management in five key areas.

  1. Instrument and Collect
    The process of collecting data from your environment is always the first step. Logs can come from anywhere including operating systems, network devices, and cloud servers.
  2. Centralizing and Indexing
    Centralizing your logs gives an administrator one point of access to do his or her job, making it easier to monitor and analyze. Imagine having to manage 100 servers, each one pushing logs to a different database. Sumo Logic takes care of that with centralization.
  3. Search and Analyze
    After centralizing and indexing your logs, administrators and engineers are free to parse and analyze their data. Having your logs centralized allows administrators to query data sets, something that isn’t possible if all of your logs are in different locations.
  4. Monitor and Alert
    Monitoring servers and setting up alerts is infinitely easier if all of your logs are centralized in one location. Instead of having to set up the same alarm in 100 different locations, you can manage your alarms and alerts in one dashboard, and have that service alert you and your team on popular messaging platforms such as Slack, PagerDuty, and much more.
  5. Report and Dashboard
    Master Linux users can comb through logs with ease with commands like sed, awk, grep, and find, but if you have 100 servers, it’s impossible to self-manage such an infrastructure without any help. Sumo Logic brings all of your data front and center with elegant dashboards, custom reporting, and software that brings your data to you.

Integrating Sumo Logic with NGINX

After you’ve installed Sumo Logic for NGINX, you’ll need to configure logging for NGINX. By default, and as previously mentioned, NGINX has two major log files, `error.log` and `access.log`. Depending on how you installed NGINX, these log files can be in different directories or locations. If you’re unsure which distribution you are running or where your log files can be found, you can visit the NGINX Configuring Logging documentation.

Once you’ve found the source location of your log files, you have two ways for Sumo Logic to ingest your NGINX log data.

  1. Uploading Log Files - probably what most people are used to when it comes to uploading files. This is similar to uploading documents or photos to a cloud server. Very easy to do, but neither the most efficient nor the most scalable way to monitor your server’s log files.
  2. Streaming Log Data - Sumo Logic supports data streams through an installed agent that runs on your server. This pushes your server’s data to Sumo Logic’s web platform, eliminating the need for administrators and engineers to manually upload log files to the platform for analysis.
    Assuming you are running on Linux, you can find the agents and install via an easy-to-use setup by clicking here.

Sumo Logic Dashboards for NGINX

With Sumo Logic Dashboards, administrators and engineers are able to parse data, comb through logs, and search for specific keywords and strings to drill down on key insights and metrics. Thanks to the NGINX `error.log` and `access.log` files, Sumo Logic is capable of ingesting tons of data to provide admins with a colorful and intuitive dashboard. Sumo Logic’s dashboard is easy enough for beginners to use yet robust enough to pull what is necessary out of the flood of data.

Sumo Logic breaks down the log data into a general overview of activity that includes, but is not limited to the following:

  • Visitor Locations
    Information about where your users are located and where traffic originates. This is also broken down into several key filters including: Worldwide, United States, Visits by Country, and Visits by US State.
  • Visitor Access Types
    Traffic information is also collected and parsed by users’ operating systems, platforms, mobile devices, browsers, and hardware manufacturers. This information helps marketing and business teams work out which users are actually accessing your company’s apps or websites, and how they stack up against other devices or operating systems.
  • Visitor Traffic Insight
    Being able to tell which pages are the most popular on your website and which features are the most visited helps your development and business teams assess the content being served on your web applications. Content that is most popular can be expanded and content that is not popular or old can be reworked or completely removed.
  • Web Server Operations
    Insight into your own server is probably some of the most crucial data any administrator will need to evaluate what measures need to be taken to optimize their web applications and environment. Being able to view a list of Top 10 Bots, a geo location of 400 web errors, and Top 5 Errors Messages are just a few of the custom filters you can apply to your Sumo Logic Dashboards.
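
To make the Web Server Operations view concrete, here is a small added example (not Sumo Logic's code and not part of the original post) that computes the same kind of summary locally from `access.log` lines: status classes, the clients generating the most 4xx responses, and the most active bot user agents. It assumes NGINX's predefined `combined` log format; the bot heuristic and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# NGINX "combined": $remote_addr - $remote_user [$time_local] "$request"
#   $status $body_bytes_sent "$http_referer" "$http_user_agent"
COMBINED = re.compile(
    r'(?P<addr>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
BOT_HINT = re.compile(r'bot|crawler|spider', re.IGNORECASE)  # assumed heuristic

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = """\
203.0.113.7 - - [30/Jul/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [30/Jul/2019:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.58.0"
198.51.100.23 - - [30/Jul/2019:10:00:03 +0000] "GET /admin HTTP/1.1" 403 153 "-" "curl/7.58.0"
192.0.2.44 - - [30/Jul/2019:10:00:04 +0000] "GET /robots.txt HTTP/1.1" 200 42 "-" "ExampleBot/2.1 (+http://bot.example/info)"
192.0.2.44 - - [30/Jul/2019:10:00:05 +0000] "GET /blog HTTP/1.1" 200 5120 "-" "ExampleBot/2.1 (+http://bot.example/info)"
203.0.113.7 - - [30/Jul/2019:10:00:06 +0000] "POST /api/login HTTP/1.1" 500 0 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"
this line is truncated and must not crash the parser
"""

def summarize(text, top=5):
    """Return status-class counts, top 4xx clients, top bot agents, unparsed count."""
    classes, clients_4xx, bots = Counter(), Counter(), Counter()
    unparsed = 0
    for line in text.splitlines():
        m = COMBINED.match(line)
        if not m:
            unparsed += 1  # count rather than drop: format drift hides events
            continue
        status = m["status"]
        classes[status[0] + "xx"] += 1
        if status.startswith("4"):
            clients_4xx[m["addr"]] += 1
        if BOT_HINT.search(m["agent"]):
            bots[m["agent"]] += 1
    return {
        "status_classes": dict(classes),
        "top_4xx_clients": clients_4xx.most_common(top),
        "top_bots": bots.most_common(top),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

A non-zero `unparsed` count is worth alerting on in its own right: it usually means a custom `log_format` is in use and the summary is missing requests.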

Conclusion

As you can see, Sumo Logic applies groundbreaking tools, proprietary technology, and analytics to provide amazing software debugging and application monitoring. Harnessing the power of machine data analytics empowers administrators and web engineers by providing them with valuable insight into their environment, being able to reduce troubleshooting time to action and increase efficiency and productivity. Together with NGINX, Sumo Logic pulls data and presents it in an easily digestible manner by providing dashboards and parsing ability that redefines how businesses and development teams are tackling issues and managing risks in real time.

Jovan Hernandez

Jovan is a DevOps engineer at HarperCollins by day and freelance technical writer and consultant by night. Beginning his career at Apple as a Genius, he eventually found his way to NYC where he's spent the last 5 years wearing many hats from systems administrator to consultant. Jovan is passionate about automation, operations efficiency, user security, and streamlined workflows. Outside of work, Jovan enjoys photography, cooking, and film analysis.
