Overview
Setting up
- Account setup
- Starting Log360 Cloud
- Supported log sources
- Adding Syslog devices
- Subscription
- Prerequisites
- Service Level Agreement (SLA)
- Amazon Web Services (AWS)
- Microsoft 365 Auto Configuration
- Microsoft 365 Manual Configuration
Dashboard
Reports
- Available Reports
- Manage Predefined Reports
- Manage Report Views
- Custom Reports
- Types of Report Views
- Report Exporting
- Schedule exports
- Advanced Active Directory reports
  - User Work Hours
  - Account lockout analyzer
Compliance Reports
Search
- Search
- Search tool
- Save searches
- Share searches
- Export searches
- Add or remove fields from the search results
- Tagging tool
Cloud correlation
- Understanding correlation
- Generating correlation reports
- Managing correlation rules
Alerts
- Creating alert profiles
- View log alerts
- Ticketing tool integration
- Manage profiles
Incident Workbench
- Overview
- Access
- User analytics
- Process Analytics
- Advanced Threat Analytics
- Incident building
- Device summary
Incident management
- Incident management
Configuration settings
- Devices
- Applications
- Manage Cloud Sources
- Vulnerability data
- vCenter
- Threat management solutions
  - Threat Source
- File Monitoring
- Import log data
Admin settings
- Manage Agents
- Agent Settings
- Log Source Groups
- User management
- Accounts Management
- Configuring object level auditing
- Configuring audit policies
- Configuring Windows member server audit policies
- Technician audit
- Advanced Threat Analytics
- Bulk actions for Agents
- Privacy settings
- Notification settings
- Notification Templates
- Working Hour Settings
- Reload Historical Logs
- My account settings
- Product settings
- Log Collection Filter
- Custom log parsing
- License
- Cloud Storage Estimator
- Listener ports
- Log forwarding
Developer space
- Custom Widgets
- Extension Profile Generation
- Extension Builder
Marketplace
- Installing Extensions
- Compliance Extensions
- Nginx
Cloud protection
- Cloud Protection in Log360 Cloud
- Gateway Cluster
- Gateway Server
- Prerequisites for Gateway Server configuration
- Installing Gateway Server
- Endpoint Configuration
- Certificate Authority Configuration
- Manage Certificate Trust Store
- Two-way SSL Support
- Manage Banned Applications
- Manage Sanctioned Applications
- Gateway Server Failover
- Application Insight
- User Access Insight
- Cloud Access Reports
- CASB application reports
- Shadow Cloud Application Reports
- Reports on Banned Cloud Applications
- File Upload Reports
- Threat Analytics in Cloud Protection
- Regenerate Access Key
- Troubleshooting gateway server errors
API Support
Teams
- Overview
- Managing Teams
MSSP Edition
- Introduction
- MSSP Account Setup
- Dashboard
- Manage Clients
- Evaluation Clients
- My Account Settings
- Technician Management
- License
Troubleshooting
- Overview
- WMI-based errors
Encryption at Rest (EAR)
Contact us

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Nginx overview

Nginx is a high-performance web server, reverse proxy, and load balancer designed for modern web architectures. It's known for its efficiency, stability, and low resource consumption, making it ideal for handling high-traffic websites.

Nginx extension scope

The Nginx extension for Log360Cloud enables integration of Nginx logs into the Log360 Cloud ecosystem. This extension provides features such as log collection, parsing, reporting, alerting, correlation, and advanced log search capabilities for monitoring web traffic and server performance.

Configuring Nginx log format

To configure Nginx and define a custom access log format, follow these steps:

1. Open the Nginx configuration file

Locate Nginx configuration file on your system:

Windows: Navigate to NginxDirectory/nginx.conf and open it using a text editor.
Linux: Run the following command to open the file: sudo nano /etc/nginx/nginx.conf

2. Define the custom access log format

Inside the http block of the nginx.conf file, add the following log format definition:

Copy to Clipboard

log_format event_log_analyzer 'time_local="$time_local" connection="$connection" realip_remote_addr="$realip_remote_addr" remote_addr="$remote_addr" host="$host" remote_port="$remote_port" remote_user="$remote_user" server_name="$server_name" server_addr="$server_addr" server_port="$server_port" request="$request" uri="$uri" http_referer="$http_referer" http_user_agent="$http_user_agent" request_filename="$request_filename" http_cookie="$http_cookie" sent_http_content_type="$sent_http_content_type" http_x_forwarded_for="$http_x_forwarded_for" proxy_host="$proxy_host" status="$status" bytes_sent="$bytes_sent" https="$https" request_time="$request_time" ssl_cipher="$ssl_cipher" ssl_protocol="$ssl_protocol" upstream_addr="$upstream_addr" upstream_status="$upstream_status" upstream_bytes_received="$upstream_bytes_received" upstream_response_time="$upstream_response_time" upstream_cache_status="$upstream_cache_status"';

3. Specify the access log location

Inside the http block, define where the access logs should be stored and apply the custom log format. Please refer to the following example:

Format: access_log location log_format_name;
Example: access_log /var/log/nginx/access.log log360_nginx;

4. Reload Nginx to apply changes

Once the configuration changes are made, reload Nginx for the updates to take effect.

Windows: Run the following command in the command prompt:
nginx -s reload
Linux: Run the following command:
sudo systemctl reload nginx

Configuring in Log360 Cloud

After installing the Nginx Extension in Log360 Cloud, configure the scheduled import for the access.log file from the Nginx server file path. Ensure that the correct file path is used during configuration.

Navigate to Settings → Configuration Settings → Log Source Configuration → Import Logs → From Device

Note: Refer to the Import Logs document for the step-by-step procedure. The default format of the Nginx logs will not be identified automatically. You should select the log format while importing the default logs other than the custom format mentioned above.

Audited Nginx events

Here are the types of audited events captured from Nginx in Log360 Cloud:

Category	Events
Nginx web server events	Web server traffic, Request rate, Requests per session, URI accessed, Virtual server events, Files accessed, SSL success events, SSL handshake failure
Web server HTTP status code	Success events, Redirection events, Client-side errors, Server-side errors.
Nginx upstream events	Upstream request, Upstream redirection, Cache efficiency

Viewing Nginx reports

To view Nginx reports, navigate to the Reports tab and select Nginx from the Custom Reports sub-tab.

Nginx

Enabling Nginx Alerts

To view the Alerts, navigate to the Alerts tab -> Manage Alert Profiles.

In the Manage Alert Profiles page, select Custom Alert Profiles as the Alert Profile Type. Click the search icon and add Nginx to filter out the alert profile(s). Select the profile(s) and click the green check mark icon to enable the alert profile.

Nginx

To associate the log source, click the edit icon to open the Edit Alert Profile window. In the Log Source field, click the add button and select the configured log source for Nginx. Click Update to save the changes.

Nginx