Forum Discussion

nirajbhatt's avatar
nirajbhatt
Icon for Nimbostratus rankNimbostratus
Feb 27, 2023

Push NGINX Plus and App Protect metrics/logs to Cloudwatch

Hi,

I have NGINX Plus with App Protect instances scaling in/out via AWS Autoscaling group. These instances are also connected to an NGINX Controller (after running controller agent script). 

I want to collect and push NGINX Controller Agent Metrics to AW Cloudwatch but I don't find any documentation for that.
Please suggest a way to push these metrics to AWS Cloudwatch.
Specifically I am looking to collect system metrics like system.disk.free or system.mem.available etc and push it to Cloudwatch logs.

Ultimately I need to create an alarm in cloudwatch that will send an alert based on disk and mem usage of any NGINX Plus instances of the Autoscaling group.

Are there any nginx plus directives that allow me to push these as a log entry to cloud watch?

My nginx log format is like this:

 

log_format key_value 'site="$server_name" server="$host" dest_port="$server_port" dest_ip="$server_addr" '
                                  'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
                                  'time_local="$time_local" protocol="$server_protocol" status="$status" '
                                  'bytes_out="$bytes_sent" bytes_in="$upstream_bytes_received" '
                                  'http_referer="$http_referer" http_user_agent="$http_user_agent" '
                                  'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
                                  'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
                                  'http_method="$request_method" response_time="$upstream_response_time" '
                                  'cookie="$http_cookie" request_time="$request_time" category="$sent_http_content_type" https="$https" '
                                  'CORRELATION_IDENTIFIER="$http_correlationid" ssl_client_fingerprint="$ssl_client_fingerprint" ssl_client_dn="$ssl_client_s_dn"';

    log_format security_waf '$remote_addr [$time_local] "$request" '
                            '$status waf_policy=$app_protect_policy_name, waf_request_id=$app_protect_support_id '
                            'waf_action=$app_protect_outcome, waf_action_reason=$app_protect_outcome_reason';

    access_log /var/log/nginx/access.log key_value;

    #WAF access logs
    access_log /var/log/app_protect/waf-access.log security_waf;

 

AWS
cloud
NGINX WAF

4 Replies

Sort By
    • nirajbhatt's avatar
      nirajbhatt
      Icon for Nimbostratus rankNimbostratus
      Mar 17, 2023

      Hi nginxpm ,

      Thanks for your reply and apologies for late response. Actually I need to push NGINX Plus/WAF instance logs to cloudwatch as a metrics so that I can directly create dashboard and alarms on Cloudwatch rather than manually pushing those logs in cloudwatch.

      Specifically I am looking to collect system metrics like system.disk.free or system.mem.available etc and push it to Cloudwatch.

      Ultimately I need to create an alarm in cloudwatch that will send an alert based on disk and mem usage of any NGINX Plus instances of the Autoscaling group.