We use machine learning technology to do auto-translation. Click "English" on top navigation bar to check Chinese version.
Use Amazon CloudWatch Contributor Insights for general analysis of NGINX logs
Customers build, deploy, and maintain millions of web applications on Amazon Web Services and many customers deploy these applications using
Customers can leverage
This blog will show you how to monitor and perform analysis of NGINX logs using CloudWatch Contributor Insights. NGINX logs provide visibility on web applications such as errors, response times, and performance of web applications. In addition to CloudWatch Contributor Insights, customers can then activate CloudWatch Metrics and CloudWatch Alarms for comprehensive system monitoring.
Prerequisites
For this walkthrough, you should have the following prerequisites:
- Enable NGINX server to run in an Amazon Web Services account. For this example, a NodeJS web application and API will be installed, configured, and deployed using the included CloudFormation template.
- NGINX web application server running in an Amazon Web Services account with web logs enabled in JSON format (see below for NGINX configuration).
Solution Overview
The preceding figure shows how NGINX web server application logs are sent to CloudWatch through the pre-installed CloudWatch agent on the instances. All Amazon Linux 2 AMIs include CloudWatch agent. These logs are analyzed by Contributor Insights rules and report is displayed on CloudWatch dashboard.
Walkthrough
From the Amazon Web Services Management Console, navigate to
Step 1: Select Create log group.
In CloudWatch navigate to
- Select NGINX log group by name from the drop down.
- Select Custom rule for Rule type.
- In Contribution section – enter the unique keys ‘remote_addr’ and ‘status’ to extract remote address of the request and the status of the request. These will be visualized in the CloudWatch dashboard.
- Give Rule name.
- Select Create.
Once you create a rule, it may take up to 5 minutes before you see any data being reported. At this point, let’s deploy the CloudFormation Stack that will create an EC2 Instance running NGINX and a Node Express Web Application w/ two API endpoints to simulate a web application and API example.
Step 2: Deploy the following CFT template:
This will take 5–10 minutes. You can view the status of the deployment.
Once the stack is deployed check the outputs tab for the NGINX URL:
Step 3: The deployment takes 5–10 minutes. Once complete click on the WebsiteURL to see the following monitoring application running with two API endpoints FAILED and OK. The application is running and logging to NGINX web logs in JSON format. These logs are streamed to CloudWatch in the access_json_log log group for analysis.
Click continue to HTTP Site when prompted with the following page:
Step 4: View the NGINX Web application server status and then click on /admin/health/x1 and /return-status/200 to open in new tabs (open multiple times to simulate API access):
Step 5: Now that the example web application and API is running, we will create a CloudWatch Dashboard to display 5XX, 4XX, 3XX response codes from the application. Then we will create CloudWatch Metrics for 5XX 4XX 3XX response codes that will be used for CloudWatch Alarms.
Let’s search for log messages with 3XX response code.
Let’s search for log messages with 4XX response code.
Let’s search for log messages with 5XX response code.
Step 6: Now let’s create a Metric Filter that will be used for visualization on the CloudWatch dashboard and for a CloudWatch Alarm.
Similarly, create a new Metric Filter for 2XX, 4XX, 5XX status codes.
Step 7: Once these metrics are created, the aggregated data will aid with the reporting of the contributions in Contributor Insights. Now let’s add the Contributor Insight rule to the CloudWatch Dashboard. Select on Add to dashboard to add to existing dashboard or create a new dashboard. Here we’ll add the CI rules as well the Alarm created previously to show a single pane of glass for 5XX.
Summary
In this blog we explained how to stream NGINX logs from an EC2 instance to CloudWatch, parse the logs with filters, create a graph to visualize NGINX status codes, and create alarms for status codes all within a single pane of glass.
Web application/API monitoring and observability are instrumental to enterprises and their business. Product and engineering teams can view, investigate, and remediate issues that occur in web applications when web server logs are streamed to CloudWatch using the broad capabilities of CloudWatch Contributor Insights, CloudWatch Logs, CloudWatch Metrics, and CloudWatch Alarms.
About the Author
The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.