Nginx Logs

Connecting Nginx logs to your Panther Console

Overview

Panther supports ingesting Nginx logs via common options: Amazon Web Services (AWS) S3, SQS, and CloudWatch.

How to onboard Nginx logs to Panther

To connect these logs into Panther:

In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for the log type you want to onboard, then click its tile.
Select the data transport method you wish to use for this integration, then follow Panther's instructions for configuring the method:
Configure Nginx to push logs to the Data Transport source.
- See Nginx's documentation for instructions on pushing logs to your selected Data Transport source.

Querying logs in Data Explorer

Supported log types

Nginx.Access

Access Logs for your Nginx server. Panther supports Nginx 'combined' format.

schema: Nginx.Access
parser:
    fastmatch:
        match:
            - '%{remoteAddr} - %{remoteUser} [%{time}] "%{request}" %{status} %{bodyBytesSent} "%{httpReferer}" "%{httpUserAgent}"'
        emptyValues:
            - '-'
description: Access Logs for your Nginx server. We currently support Nginx 'combined' format.
referenceURL: https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
fields:
    - name: remoteAddr
      description: The IP address of the client (remote host) which made the request to the server.
      type: string
      indicators:
        - ip
    - name: remoteUser
      description: The userid of the person making the request. Usually empty unless .htaccess has requested authentication.
      type: string
      indicators:
        - username
    - name: time
      required: true
      description: The time that the request was received (UTC).
      type: timestamp
      timeFormats:
        - '%d/%b/%Y:%H:%M:%S %z'
      isEventTime: true
    - name: request
      description: The request line from the client. It includes the HTTP method, the resource requested, and the HTTP protocol.
      type: string
    - name: status
      description: The HTTP status code returned to the client.
      type: smallint
    - name: bodyBytesSent
      description: The size of the object returned to the client, measured in bytes.
      type: bigint
    - name: httpReferer
      description: The HTTP referrer if any.
      type: string
    - name: httpUserAgent
      description: The agent the user used when making the request.
      type: string

PreviousNetskope Logs (Beta)NextNotion Logs

Last updated 1 year ago

Was this helpful?

How to onboard Nginx logs to Panther

To connect these logs into Panther:

In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

Click Create New.

Search for the log type you want to onboard, then click its tile.

Select the data transport method you wish to use for this integration, then follow Panther's instructions for configuring the method:

Configure Nginx to push logs to the Data Transport source.

See Nginx's documentation for instructions on pushing logs to your selected Data Transport source.

Supported log types

Nginx.Access

Access Logs for your Nginx server. Panther supports Nginx 'combined' format.

Reference:

schema: Nginx.Access
parser:
    fastmatch:
        match:
            - '%{remoteAddr} - %{remoteUser} [%{time}] "%{request}" %{status} %{bodyBytesSent} "%{httpReferer}" "%{httpUserAgent}"'
        emptyValues:
            - '-'
description: Access Logs for your Nginx server. We currently support Nginx 'combined' format.
referenceURL: https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
fields:
    - name: remoteAddr
      description: The IP address of the client (remote host) which made the request to the server.
      type: string
      indicators:
        - ip
    - name: remoteUser
      description: The userid of the person making the request. Usually empty unless .htaccess has requested authentication.
      type: string
      indicators:
        - username
    - name: time
      required: true
      description: The time that the request was received (UTC).
      type: timestamp
      timeFormats:
        - '%d/%b/%Y:%H:%M:%S %z'
      isEventTime: true
    - name: request
      description: The request line from the client. It includes the HTTP method, the resource requested, and the HTTP protocol.
      type: string
    - name: status
      description: The HTTP status code returned to the client.
      type: smallint
    - name: bodyBytesSent
      description: The size of the object returned to the client, measured in bytes.
      type: bigint
    - name: httpReferer
      description: The HTTP referrer if any.
      type: string
    - name: httpUserAgent
      description: The agent the user used when making the request.
      type: string