Nginx Logs
Connecting Nginx logs to your Panther Console
Overview
Panther supports ingesting Nginx logs via common Data Transport options: Amazon Web Services (AWS) S3, SQS, and CloudWatch.
How to onboard Nginx logs to Panther
To connect these logs into Panther:
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for the log type you want to onboard, then click its tile.
Select the data transport method you wish to use for this integration, then follow Panther's instructions for configuring the method:
Configure Nginx to push logs to the Data Transport source.
See Nginx's documentation for instructions on pushing logs to your selected Data Transport source.
Querying logs in Data Explorer
To see an example of querying NGINX logs in Panther's Data Explorer, please see NGINX and ALB Access logs queries.
Supported log types
Nginx.Access
Access Logs for your Nginx server. Panther supports Nginx 'combined' format.
Reference: Nginx Documentation on Log Formatting.
Column
Type
Description
remoteAddr
string
The IP address of the client (remote host) which made the request to the server.
remoteUser
string
The userid of the person making the request. Usually empty unless .htaccess has requested authentication.
time
timestamp
The time that the request was received (UTC).
request
string
The request line from the client. It includes the HTTP method, the resource requested, and the HTTP protocol.
status
smallint
The HTTP status code returned to the client.
bodyBytesSent
bigint
The size of the object returned to the client, measured in bytes.
httpReferer
string
The HTTP referrer if any.
httpUserAgent
string
The agent the user used when making the request.
p_log_type
string
Panther added field with type of log
p_row_id
string
Panther added field with unique id (within table)
p_event_time
timestamp
Panther added standardize event time (UTC)
p_parse_time
timestamp
Panther added standardize log parse time (UTC)
p_source_id
string
Panther added field with the source id
p_source_label
string
Panther added field with the source label
p_any_ip_addresses
[string]
Panther added field with collection of ip addresses associated with the row
p_any_domain_names
[string]
Panther added field with collection of domain names associated with the row
p_any_sha1_hashes
[string]
Panther added field with collection of SHA1 hashes associated with the row
p_any_md5_hashes
[string]
Panther added field with collection of MD5 hashes associated with the row
p_any_sha256_hashes
[string]
Panther added field with collection of SHA256 hashes of any algorithm associated with the row
Last updated
Was this helpful?