# NGINX Logs

## Overview

**Evidence:** NGINX Logs\
**Description:** Collect NGINX Logs\
**Category:** Applications\
**Platform:** linux\
**Short Name:** ngxl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

NGINX web server logs on Linux capture HTTP/HTTPS requests, errors, and server activities. NGINX is widely used as both a web server and reverse proxy, making its logs essential for investigating web-based attacks.

## Data Collected

This collector gathers structured data about nginx logs.

## Collection Method

This collector gathers NGINX logs from the standard /var/log/nginx directory, which contains access logs, error logs, and any custom log configurations.

## Forensic Value

NGINX logs provide evidence of web attacks, API abuse, DDoS attempts, authentication bypasses, and malicious request patterns. They're essential for investigating compromised web applications and reverse proxy attacks.