Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. NGINX logs format

NGINX logs format

Scheduled Pinned Locked Moved Solved Support
nginx
13 Posts 3 Posters 2.4k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      M Offline
      Mastadamus
      wrote on last edited by girish
      #1

      I'm looking at the NGINX log format and I see that its a format called "combined2" and it appears to be slightly different the the default "combined" format. Is there a reason for this? I'm trying to get my crowdsec install to parse these logs but it seems to not parse them(prob due to the fact they appear to be of a custom format" Can i change this to default?

      girishG 1 Reply Last reply
      2
      • M Mastadamus

        I'm looking at the NGINX log format and I see that its a format called "combined2" and it appears to be slightly different the the default "combined" format. Is there a reason for this? I'm trying to get my crowdsec install to parse these logs but it seems to not parse them(prob due to the fact they appear to be of a custom format" Can i change this to default?

        girishG Do not disturb
        girishG Do not disturb
        girish
        Staff
        wrote on last edited by
        #2

        @mastadamus we collect nginx stats from the logs via collectd. While the stats are currently not displayed anywhere, the plan is to use them at some point. This is the reason for the combined2 format.

        M 1 Reply Last reply
        0
        • girishG girish

          @mastadamus we collect nginx stats from the logs via collectd. While the stats are currently not displayed anywhere, the plan is to use them at some point. This is the reason for the combined2 format.

          M Offline
          M Offline
          Mastadamus
          wrote on last edited by
          #3

          @girish Is it possible to just use the basic default log format? I'm attempting to integrate crowdsec with cloudron NGINX..but the parser for crowdsec is looking for default NGINX log format. I'd have to write a new parser which admittedly I'm prob not able to do technically at this time. I gotta get stronger with the crowdsec parser format and grok.

          girishG 1 Reply Last reply
          2
          • M Mastadamus

            @girish Is it possible to just use the basic default log format? I'm attempting to integrate crowdsec with cloudron NGINX..but the parser for crowdsec is looking for default NGINX log format. I'd have to write a new parser which admittedly I'm prob not able to do technically at this time. I gotta get stronger with the crowdsec parser format and grok.

            girishG Do not disturb
            girishG Do not disturb
            girish
            Staff
            wrote on last edited by
            #4

            @mastadamus for the moment, maybe you can edit the nginx conf temporarily as needed? It's in /home/yellowtent/platformdata/nginx/nginx.conf. That part of nginx conf is only updated on a new Cloudron release (and not on app updates).

            M 2 Replies Last reply
            2
            • girishG girish

              @mastadamus for the moment, maybe you can edit the nginx conf temporarily as needed? It's in /home/yellowtent/platformdata/nginx/nginx.conf. That part of nginx conf is only updated on a new Cloudron release (and not on app updates).

              M Offline
              M Offline
              Mastadamus
              wrote on last edited by
              #5

              @girish yeah I'll give that a try.

              1 Reply Last reply
              0
              • girishG girish

                @mastadamus for the moment, maybe you can edit the nginx conf temporarily as needed? It's in /home/yellowtent/platformdata/nginx/nginx.conf. That part of nginx conf is only updated on a new Cloudron release (and not on app updates).

                M Offline
                M Offline
                Mastadamus
                wrote on last edited by
                #6

                @girish So i changed the default nginx.conf to the default combined log format and it ended up working as far as parsing the logs with crowdsec BUT when I rebooted my cloudron the NGINX service wouldn't come back up. Why does changing that prevent the NGINX service from restarting? You have any ideas?

                girishG 1 Reply Last reply
                0
                • M Mastadamus

                  @girish So i changed the default nginx.conf to the default combined log format and it ended up working as far as parsing the logs with crowdsec BUT when I rebooted my cloudron the NGINX service wouldn't come back up. Why does changing that prevent the NGINX service from restarting? You have any ideas?

                  girishG Do not disturb
                  girishG Do not disturb
                  girish
                  Staff
                  wrote on last edited by
                  #7

                  @mastadamus have you checked the nginx logs? I think journalctl -u nginx -fa should tell you why it's not starting up. AFAIK, changing log format shouldn't affect Cloudron code.

                  M 1 Reply Last reply
                  0
                  • girishG girish

                    @mastadamus have you checked the nginx logs? I think journalctl -u nginx -fa should tell you why it's not starting up. AFAIK, changing log format shouldn't affect Cloudron code.

                    M Offline
                    M Offline
                    Mastadamus
                    wrote on last edited by
                    #8

                    @girish I did check that initially and I finally figured out why. I put

                    log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

                    but this was unnecessary and ended up throwing an error

                    1 Reply Last reply
                    0
                    • robiR Offline
                      robiR Offline
                      robi
                      wrote on last edited by
                      #9

                      can you post the known good config that worked in the end, for others to find later?

                      Conscious tech

                      M 2 Replies Last reply
                      1
                      • robiR robi

                        can you post the known good config that worked in the end, for others to find later?

                        M Offline
                        M Offline
                        Mastadamus
                        wrote on last edited by
                        #10

                        @robi yes. I will after work.

                        1 Reply Last reply
                        0
                        • robiR robi

                          can you post the known good config that worked in the end, for others to find later?

                          M Offline
                          M Offline
                          Mastadamus
                          wrote on last edited by
                          #11

                          @robi

                          user www-data;
                          
                          # detect based on available CPU cores
                          worker_processes  auto;
                          
                          # this is 4096 by default. See /proc/<PID>/limits and /etc/security/limits.conf
                          # usually twice the worker_connections (one for uptsream, one for downstream)
                          # see also LimitNOFILE=16384 in systemd drop-in
                          worker_rlimit_nofile 8192;
                          
                          pid /run/nginx.pid;
                          
                          events {
                              # a single worker has these many simultaneous connections max
                              worker_connections  4096;
                          }
                          
                          http {
                              include       mime.types;
                              default_type  application/octet-stream;
                          
                              # the collectd config depends on this log format
                          
                          
                          
                          
                              # required for long host names
                              server_names_hash_bucket_size 128;
                          
                              access_log /var/log/nginx/access.log combined;
                          
                              sendfile        on;
                          
                              # timeout for client to finish sending headers
                              client_header_timeout 30s;
                          
                              # timeout for reading client request body (successive read timeout and not whole body!)
                              client_body_timeout 60s;
                          
                              # keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
                              keepalive_timeout  65s;
                          
                              # zones for rate limiting
                              limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
                          
                              include applications/*.conf;
                          }
                          
                          
                          M 1 Reply Last reply
                          2
                          • M Mastadamus

                            @robi

                            user www-data;
                            
                            # detect based on available CPU cores
                            worker_processes  auto;
                            
                            # this is 4096 by default. See /proc/<PID>/limits and /etc/security/limits.conf
                            # usually twice the worker_connections (one for uptsream, one for downstream)
                            # see also LimitNOFILE=16384 in systemd drop-in
                            worker_rlimit_nofile 8192;
                            
                            pid /run/nginx.pid;
                            
                            events {
                                # a single worker has these many simultaneous connections max
                                worker_connections  4096;
                            }
                            
                            http {
                                include       mime.types;
                                default_type  application/octet-stream;
                            
                                # the collectd config depends on this log format
                            
                            
                            
                            
                                # required for long host names
                                server_names_hash_bucket_size 128;
                            
                                access_log /var/log/nginx/access.log combined;
                            
                                sendfile        on;
                            
                                # timeout for client to finish sending headers
                                client_header_timeout 30s;
                            
                                # timeout for reading client request body (successive read timeout and not whole body!)
                                client_body_timeout 60s;
                            
                                # keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
                                keepalive_timeout  65s;
                            
                                # zones for rate limiting
                                limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
                            
                                include applications/*.conf;
                            }
                            
                            
                            M Offline
                            M Offline
                            Mastadamus
                            wrote on last edited by
                            #12

                            @mastadamus As a bonus by changing the NGINX logs back to default, my Wazuh agent is now able to parse them fully and i'm getting full monitoring capability from wazuh for the NGINX.. I've even had 2 active response actions taken to block IP's by wazuh since i've switched. I think cloudron team should leave these at default TBH.

                            robiR 1 Reply Last reply
                            2
                            • M Mastadamus

                              @mastadamus As a bonus by changing the NGINX logs back to default, my Wazuh agent is now able to parse them fully and i'm getting full monitoring capability from wazuh for the NGINX.. I've even had 2 active response actions taken to block IP's by wazuh since i've switched. I think cloudron team should leave these at default TBH.

                              robiR Offline
                              robiR Offline
                              robi
                              wrote on last edited by
                              #13

                              @mastadamus Can you add that as a feature request and mention this thread?

                              Conscious tech

                              1 Reply Last reply
                              3
                              • M Mastadamus referenced this topic on
                              • M Mastadamus referenced this topic on
                              Reply
                              • Reply as topic
                              Log in to reply
                              • Oldest to Newest
                              • Newest to Oldest
                              • Most Votes


                                • Login

                                • Don't have an account? Register

                                • Login or register to search.
                                • First post
                                  Last post
                                0
                                • Categories
                                • Recent
                                • Tags
                                • Popular
                                • Bookmarks
                                • Search