Evidence: NGINX Logs
Description: Collect NGINX Logs
Category: Applications
Platform: macos
Short Name: ngxl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
NGINX web server logs on macOS capture HTTP requests, errors, and server activities. Like Apache, NGINX can be installed via system packages or Homebrew, resulting in multiple possible log locations.
Data Collected
This collector gathers structured data about NGINX logs.
Collection Method
This collector gathers NGINX logs from system directories, Intel-based Homebrew installations, Apple Silicon Homebrew installations, and user-specific Homebrew log directories.
Forensic Value
NGINX logs provide evidence of web attacks, API abuse, DDoS attempts, authentication failures, and suspicious request patterns. They're essential for investigating web-based compromises and analyzing attacker behavior.