NGINX Logs
Overview
Evidence: NGINX Logs
Description: Collect NGINX Logs
Category: Applications
Platform: linux
Short Name: ngxl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
NGINX web server logs on Linux capture HTTP/HTTPS requests, errors, and server activities. NGINX is widely used as both a web server and reverse proxy, making its logs essential for investigating web-based attacks.
Data Collected
This collector gathers structured data about NGINX logs.
Collection Method
This collector gathers NGINX logs from the standard /var/log/nginx directory, which contains access logs, error logs, and any custom log configurations.
Forensic Value
NGINX logs provide evidence of web attacks, API abuse, DDoS attempts, authentication bypasses, and malicious request patterns. They’re essential for investigating compromised web applications and reverse proxy attacks.
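Because this collector gathers the files without parsing them (Is Parsed: No), a first triage pass over a collected access log can look like the following. This is an added example, not code from the product; it assumes NGINX's default "combined" log format, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# NGINX's default "combined" log_format; a custom log_format needs its own pattern.
COMBINED = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = COMBINED.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # The request is not always "METHOD URI PROTOCOL", e.g. TLS bytes on a plain-HTTP port.
    parts = rec["request"].split(" ")
    rec["method"], rec["uri"] = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return rec

def summarize(lines):
    """Per client: request total, 401/403 count, malformed requests, peak per second."""
    stats = defaultdict(lambda: {"total": 0, "auth_denied": 0, "malformed": 0})
    per_second = defaultdict(Counter)
    unparsed = 0  # lines that do not fit the format (truncated, custom log_format)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        s = stats[rec["addr"]]
        s["total"] += 1
        s["auth_denied"] += rec["status"] in (401, 403)
        s["malformed"] += rec["method"] is None
        per_second[rec["addr"]][rec["time"]] += 1  # $time_local has one-second resolution
    for addr, s in stats.items():
        s["peak_per_second"] = max(per_second[addr].values())
    return dict(stats), unparsed

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    r'192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [12/Mar/2024:10:15:02 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    r'198.51.100.7 - - [12/Mar/2024:10:15:02 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    r'198.51.100.7 - admin [12/Mar/2024:10:15:03 +0000] "GET /admin HTTP/1.1" 403 153 "-" "curl/8.0"',
    r'203.0.113.5 - - [12/Mar/2024:10:15:04 +0000] "\x16\x03\x01\x02\x00" 400 157 "-" "-"',
    '192.0.2.10 - - [12/Mar/2024:10:15:05 +0000] "GET /ima',
]
```

To run it on a collected file, pass an open text handle such as `summarize(open(path, errors="replace"))`; rotated `.gz` logs can be opened with `gzip.open(path, "rt")`.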