NGINX Logs

Overview

Evidence: NGINX Logs Description: Collect NGINX Logs Category: Applications Platform: linux Short Name: ngxl Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

NGINX web server logs on Linux capture HTTP/HTTPS requests, errors, and server activities. NGINX is widely used as both a web server and reverse proxy, making its logs essential for investigating web-based attacks.

Data Collected

This collector gathers structured data about nginx logs.

Collection Method

This collector gathers NGINX logs from the standard /var/log/nginx directory, which contains access logs, error logs, and any custom log configurations.

Forensic Value

NGINX logs provide evidence of web attacks, API abuse, DDoS attempts, authentication bypasses, and malicious request patterns. They're essential for investigating compromised web applications and reverse proxy attacks.