Log File Monitoring - Nginx Proxy HTTP Status Codes
Monitoring Log Files - HTTP Status Codes of a Nginx Proxy
The file I monitor is located at
The default zabbix user that the Zabbix agent runs as does not have read access to many log files on the system.
You can usually add the zabbix user to a group to solve this problem.
The access.log file can be read by the www-data or adm groups on Ubuntu 18,
so I add the zabbix user to the adm group.
To find out which groups a log file can be read by, for example, I typed,
This tells me that the access.log file can be read by the www-data and adm groups.
Then I check which groups the user zabbix is part of,
If it's not part of either group already, I then add it,
and check again to confirm.
After changing the zabbix user's permissions, you will need to restart the Zabbix agent.
I can read the most recent log file entries by typing
You can also check this command works when using the zabbix user,
I then created an item for the host, with settings
| Setting | Value |
|---|---|
| Name | HTTP Status Codes |
| Type of Information | numeric (unsigned) |
The regex value that I copy into https://regex101.com is
This regex can separate the values for both Nginx and Apache access logs.
The regex splits each row of the log into several groups.
The HTTP Status code is in the 8th group.
Since I am only interested in the status code, I can use the regex
I can also create triggers to notify on
- 101 Switching Protocols
- 301 Moved Permanently
- 302 Redirect
- 304 Not Modified
- 400 Bad Request
- 401 Unauthorized
- 403 Forbidden
- 404 Not Found
- 405 Method Not Allowed
- 500 Server Error
In this video I demonstrate creating triggers for HTTP 5XX errors and use count to detect 10 or more HTTP 404 Errors in 10 minutes.
How and whether you decide to trigger on HTTP status codes is up to you. The video just provides examples for you to follow.
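The status-code extraction and the two trigger ideas above (any 5XX, and 10 or more 404s within 10 minutes) can be checked offline against sample lines before building them in Zabbix. This is an added example, not code from the original tutorial or from Zabbix: the regex is an assumed pattern written so the status code lands in the 8th group, the function names are hypothetical, and the log lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed combined-log pattern (not the page's regex). Groups: 1 host, 2 ident,
# 3 user, 4 time, 5 method, 6 path, 7 protocol, 8 status, 9 bytes. Groups 6-7
# are optional: malformed requests (often a 400) may be a single token.
LOG_RE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] '
    r'"(\S+)(?: (\S+))?(?: (\S+))?" (\d{3}) (\d+|-)'
)

def parse(line):
    """Return (timestamp, status) or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(4), "%d/%b/%Y:%H:%M:%S %z")
    return ts, int(m.group(8))

def evaluate(lines, threshold=10, window=timedelta(minutes=10)):
    """Return (5xx statuses seen, times at which the 404 burst rule fired)."""
    recent_404 = deque()
    server_errors, bursts = [], []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # unparsable lines are skipped, not counted
        ts, status = parsed
        if 500 <= status <= 599:
            server_errors.append(status)
        if status == 404:
            recent_404.append(ts)
            while ts - recent_404[0] >= window:  # drop 404s outside the window
                recent_404.popleft()
            if len(recent_404) >= threshold:
                bursts.append(ts)
    return server_errors, bursts

def sample_lines():
    """Constructed sample: ten 404s in 3 minutes, one 502, one malformed request."""
    fmt = '203.0.113.7 - - [10/Oct/2023:13:{:02d}:{:02d} +0000] "{}" {} 153 "-" "curl/8.0"'
    lines = [fmt.format(i // 3, (i % 3) * 20, f"GET /p{i} HTTP/1.1", 404) for i in range(10)]
    lines.append(fmt.format(5, 0, "GET /api HTTP/1.1", 502))
    lines.append(fmt.format(6, 0, "\\x16\\x03\\x01", 400))
    return lines

if __name__ == "__main__":
    print(evaluate(sample_lines()))
```

The window here slides over the timestamps in the log itself, so it can replay an old access.log; a Zabbix trigger evaluates its count over the item values it has received in the last 10 minutes.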
If you installed Zabbix like I did on Ubuntu 20.04 with the default Apache server, there are also Apache logs at /var/log/apache2/ on the Zabbix server that you can use for this lesson.
You can tail them in the command prompt using
This is a good source of HTTP logs if you don't already have an active web server somewhere that you can use, or you don't want to set one up.
Apache and Nginx logs follow the same format, so my regex in the video will still work.