Skip to main content
Sumo Logic

Collect Logs and Metrics in Non Kubernetes environment

Collect Logs and Metrics for Nginix Plus in Non Kubernetes environment

We use the Telegraf operator for Nginx Plus metric collection and Sumo Logic Installed Collector for collecting Nginx Plus logs. The diagram below illustrates the components of the Nginx Plus collection in a non-Kubernetes environment. Telegraf runs on the same system as Nginx Plus, and uses the Nginx Plus input plugin to obtain Nginx Plus metrics, and the Sumo Logic output plugin to send the metrics to Sumo Logic. Logs from Nginx on the other hand are sent to either a Sumo Logic Local File source.

Configuring log and metric collection for the Nginx Plus App includes the following tasks:

  • Step 1: Collect Logs for Nginx Plus

  1. Configure logging in Nginx Plus
  2. Configure a Collector
  3. Configure a Source
  • Step 2: Collect Metrics for Nginx Plus

  1. Configure Metrics in Nginx Plus
  2. Configure a Hosted Collector
  3. Configure a Metrics Source
  4. Install Telegraf
  5. Configure Telegraf and Forward Metrics to Sumo Logic

Step 1: Collect Logs for Nginx Plus in Non Kubernetes environment

This section provides instructions for configuring log collection for the Sumo Logic App for Nginx Plus. Follow the instructions below to set up the Log collection.

1. Configure logging in Nginx

Before you can configure Sumo Logic to ingest logs, you must configure the logging of errors and processed requests in NGINX Open Source and NGINX Plus. For instructions, refer to the following documentation:

https://www.nginx.com/resources/admin-guide/logging-and-monitoring/

2. Configure a Collector

Use one of the following Sumo Logic Collector options:

  1. To collect logs directly from the Nginx Plus machine, configure an Installed Collector.

  2. If you are using a service like Fluentd, or you would like to upload your logs manually, configure a Hosted Collector

3. Configure a Source

For an Installed Collector

To collect logs directly from your Nginx Plus machine, use an Installed Collector and a Local File Source. 

  1. Add a Local File Source.

  2. Configure the Local File Source fields as follows:

    • Name. (Required)

    • Description. (Optional)

    • File Path (Required). Enter the path to your error.log or access.log. The files are typically located in /var/log/nginx/*.log. If you are using a customized path, check the nginx.conf file for this information. If you are using Passenger, you may have instructed Passenger to log to a specific log using the passenger_log_file option.

    • Source Host. Sumo Logic uses the hostname assigned by the OS unless you enter a different hostname.

    • Source Category. Enter any string to tag the output collected from this Source, such as Nginx/Access or Nginx/Error. (The Source Category metadata field is a fundamental building block to organize and label Sources. For details see Best Practices.)

  3. Configure the Advanced section:

    • Enable Timestamp Parsing. Select Extract timestamp information from log file entries.

    • Time Zone. Automatically detect.

    • Timestamp Format. The timestamp format is automatically detected.

    • Encoding. Select UTF-8 (Default).

    • Enable Multiline Processing. 

      • Error logs. Select Detect messages spanning multiple lines and Infer Boundaries - Detect message boundaries automatically.

      • Access logs. These are single-line logs, uncheck Detect messages spanning multiple lines.

  4. Click Save.

For a Hosted Collector

If you are using a service like Fluentd, or you would like to upload your logs manually, use a Hosted Collector and an HTTP Source.

  1. Add an HTTP Source.

  2. Configure the HTTP Source fields as follows:

    • Name. (Required)

    • Description. (Optional)

    • Source Host. Sumo Logic uses the hostname assigned by the OS unless you enter a different hostname.

    • Source Category. Enter any string to tag the output collected from this Source, such as Nginx/Access or Nginx/Error. (The Source Category metadata field is a fundamental building block to organize and label Sources. For details see Best Practices.)

  3. Configure the Advanced section:

    • Enable Timestamp Parsing. Select Extract timestamp information from log file entries.

    • Time Zone. For Access logs, use the time zone from the log file. For Error logs, make sure to select the correct time zone.

    • Timestamp Format. The timestamp format is automatically detected.

    • Enable Multiline Processing. 

      • Error logs: Select Detect messages spanning multiple lines and Infer Boundaries - Detect message boundaries automatically.

      • Access logs: These are single-line logs, uncheck Detect messages spanning multiple lines.

  4. Click Save.

  5. When the URL associated with the HTTP Source is displayed, copy the URL so you can add it to the service you are using, such as Fluentd.

Step 2: Collect Metrics for Nginx Plus in Non Kubernetes environment

This section provides instructions for configuring metrics collection for the Sumo Logic App for Nginx Plus. Follow the below instructions to set up the metric collection.

1. Configure Metrics in Nginx Plus

Before you can configure Sumo Logic to ingest metrics, you must enable API module to expose metrics in NGINX Plus.

2. Configure a Hosted Collector

To create a new Sumo Logic hosted collector, perform the steps in the Configure a Hosted Collector section of the Sumo Logic documentation.

3. Configure a Metrics Source

Create a new HTTP Logs and Metrics Source in the hosted collector created above by following these instructions. 

Make a note of the HTTP Source URL.

4. Install Telegraf

Use the following steps to install Telegraf.

5. Configure and start Telegraf

Create a file called telegraf.conf and add the appropriate configuration. The following is a basic example:

[agent]
  interval = "60s"
# Read Nginx Plus full API information (ngx_http_api_module)
[[inputs.nginx_plus_api]]
 # An array of Nginx Plus API URLs to gather stats.
 urls = ["http://localhost/api"]
 # HTTP response timeout (default: 5s)
 response_timeout = "5s"
  # Nginx Plus API version, default: 3
 api_version = 6
[[outputs.sumologic]]
  url = "<URL Created in Step 3>"
  data_format = "prometheus"
  • interval - This is the frequency to send data to Sumo Logic, in this example, we will send the metrics every 60 seconds. Please refer to this doc for more properties that can be configured in the Telegraf agent globally.
  • urls - The url to the Nginx Plus server with the API enabled. This can be a comma-separated list to connect to multiple Nginx Plus servers. Please refer to this doc for more information on configuring the Nginx API input plugin for Telegraf.
  • url - This is the HTTP source URL created in step 3. Please refer to this doc for more information on configuring the Sumo Logic Telegraf output plugin.
  • data_format = The format to use when sending data to Sumo Logic. Please refer to this doc for more information on configuring the Sumo Logic Telegraf output plugin.

Once you have finalized your telegraf.conf file, you can run the following command to start telegraf.

telegraf --config /path/to/telegraf.conf