Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Aggregate Nginx access logs and combine them
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Aggregate Nginx access logs and combine them

jimaekjimaek Member
in General

I have multiple VPS servers running Nginx. All of them proxy cache content from the same origin so the file structure is the same everywhere.

My end goal is to get the total number of hits from all servers for the last 30 days for all files under a directory.
Something like /files/project/* = 2000hits

What are your recommendations on the whole system?

I am looking into https://logentries.com to stream there my access logs, but not sure yet if I can do everything I need with that.

What do you think?

Comments

  • tchentchen Member

    Sumologic has probably one of the better filtering / aggregation short of rolling your own.

  • NickMNickM Member

    I would set up all of the nginx servers to log to a syslog server, and configure the syslog server with a MySQL or Postgres backend. That way, you can do all kinds of analytics on it.

    Thanked by 1cgs3238
  • howardsl2howardsl2 Member
    edited March 2014

    To combine Nginx logs, use "logresolvemerge.pl" from Awstats. Then you can do analysis. Refer to:
    http://awstats.sourceforge.net/docs/awstats_tools.html
    (Scroll down to find description of that tool)

    On Ubuntu it is located at /usr/share/awstats/tools/logresolvemerge.pl. To install Awstats just run apt-get install awstats.

  • jimaekjimaek Member

    @nickm I see here that only Nginx Plus supports remote syslog http://nginx.com/products/

    @hwdsl2 For this I would need to somehow sync all access logs to a single server, right?

    @tchen SUmologic is an enterprise product. Once the free trial is over I am afraid how much they will ask.

  • MarkTurnerMarkTurner Member

    We use Loggly (www.loggly.com) this will allow you to aggregate/search your syslog data

  • tchentchen Member

    @jimaek said:
    tchen SUmologic is an enterprise product. Once the free trial is over I am afraid how much they will ask.

    You can shove in 500MB per day of logs when free.

  • jimaekjimaek Member

    I tried loggly too but so far have no idea how to aggregate it in a way to get the number of hits per day. logentries.com has a COUNT function that I think I can use, waiting for support on that.

  • jimaekjimaek Member

    @tchen 7 days of retention is not good enough for me.

    I am also looking into Piwik https://github.com/piwik/piwik/tree/master/misc/log-analytics

  • MarkTurnerMarkTurner Member

    How about Logstash and Kabana

    Or something like OpenWebAnalytics

  • howardsl2howardsl2 Member
    edited March 2014

    @jimaek said:
    hwdsl2 For this I would need to somehow sync all access logs to a single server, right?

    Yes that is correct. You can schedule a hourly rsync via cron, for example.

  • bookstackbookstack Member

    Try splunk storm, the most generous offer for free tier.

Sign In or Register to comment.