NGINX Extractor

The Nginx parser is a crucial tool for analyzing Nginx logs. It enables information to be extracted and processed, allowing security events such as requests, accesses and error messages to be effectively monitored and evaluated.

Configuration of the NGINX extractors

  1. Edit the configuration file: Open the file /etc/nginx/nginx.conf in a text editor.

  2. Add log format: In the http section, add the following log format ngs:

http {
    ...
    ##
    # Syslog
    ##

    log_format ngs '$remote_addr - $remote_user "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" ["$server_name" $server_port $remote_port "$upstream_addr"]';

  3. Configure access and error logs: Configure the access and error logs to send to a relay server via syslog:

    access_log syslog:server=<relayIP>:<relayPort> ngs;
    error_log syslog:server=<relayIP>:<relayPort> <level>;
    ...
}

Replace <relayIP> and <relayPort> with the corresponding values of your relay server.

  4. Define the error log level: The error log level values are: info, notice, warn, error, crit, alert, emerg. Please note that the number of logs recorded decreases as the error log level increases.

  5. Check the configuration: Execute the nginx -t command to ensure that the configuration is valid. Please note that not all log parameters are always available.

  6. Apply configuration: Use service nginx reload to load the updated configuration.

  7. Relay configuration: Make sure that "nginx" is selected as the parser for the relay.
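
To check what the relay will receive before pointing production traffic at it, the following added example (not Enginsight's parser and not part of the original documentation) parses lines written in the ngs format defined above. The syslog header shape, the sample lines, host names and addresses are constructed assumptions.

```python
import re

# Optional RFC 3164 header in front of a syslog-delivered line (assumed shape).
SYSLOG_HDR = re.compile(r'^<\d+>\w{3} +\d+ [\d:]+ (?:\S+ )?\S+: ')

# One group per variable of the ngs log_format, in order. nginx escapes '"' as
# \x22 inside variables by default, so [^"]* is a safe match for quoted fields.
NGS = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>[^"]+?) "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'\["(?P<server_name>[^"]*)" (?P<server_port>\d+|-) '
    r'(?P<remote_port>\d+|-) "(?P<upstream_addr>[^"]*)"\]$'
)
INT_FIELDS = ("status", "body_bytes_sent", "server_port", "remote_port")

def parse_ngs(line):
    """Return a dict of ngs fields, or None if the line is not in ngs format."""
    m = NGS.match(SYSLOG_HDR.sub("", line.strip()))
    if m is None:
        return None
    # nginx writes "-" for a variable that has no value; map it to None.
    rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
    for k in INT_FIELDS:
        if rec[k] is not None:
            rec[k] = int(rec[k])
    # A well-formed request line is "METHOD URI PROTOCOL"; anything else
    # (for example a TLS handshake sent to a plain-HTTP port) is kept raw only.
    parts = (rec["request"] or "").split(" ")
    rec["method"], rec["uri"], rec["protocol"] = (
        parts if len(parts) == 3 else (None, None, None))
    return rec

# Constructed sample lines (documentation-range addresses, hypothetical hosts).
SAMPLES = [
    r'<190>Jan  5 12:00:00 web01 nginx: 203.0.113.7 - - "GET /login?next=/admin HTTP/1.1" 302 0 "-" "curl/8.5.0" ["shop.example.test" 443 51544 "10.0.0.12:8080"]',
    r'198.51.100.23 - alice "POST /api/v1/items HTTP/2.0" 201 57 "https://shop.example.test/" "Mozilla/5.0" ["shop.example.test" 443 40112 "10.0.0.12:8080"]',
    r'192.0.2.99 - - "\x16\x03\x01\x02\x00" 400 150 "-" "-" ["_" 80 33012 "-"]',
]

if __name__ == "__main__":
    for rec in map(parse_ngs, SAMPLES):
        print(rec["remote_addr"], rec["status"], rec["method"], rec["uri"], rec["upstream_addr"])
```

Lines for which parse_ngs returns None do not match the ngs format, which usually means the access_log directive is still using a different log_format.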


Last updated 1 year ago