Nginx Promtail Configuration Example - Log Collection

This document provides a practical example of a Promtail configuration designed to collect logs from various sources, specifically focusing on Nginx web server logs, system journal, and syslog. Promtail is a log collection agent that forwards logs to Loki, a horizontally scalable, highly available, multi-tenant log aggregation system inspired by Prometheus.

Promtail Configuration Overview

The configuration below outlines how to set up Promtail to scrape and send logs. It includes settings for the Promtail server itself, client configurations for connecting to Loki, and detailed scrape configurations for different log types.

Journald Log Collection

This section configures Promtail to collect logs from systemd's journald. It specifies a maximum age for logs to consider and sets relevant labels for filtering and organization within Loki.

Syslog Log Collection

Here, Promtail is set up to collect logs from the standard syslog file. The configuration includes static targets and labels to identify these logs.

Nginx Log Collection (Access and Error)

This is a key part of the configuration, demonstrating how to collect both Nginx access logs and error logs. Each log file has its own scrape job (`nginx-info` and `nginx-error`) and carries a static `level` label (`info` for the access log, `error` for the error log) and a `service_name` label, which are crucial for effective log analysis and debugging in Loki.

The configuration uses `static_configs` to define the log files to be scraped. It's important to ensure that the `__path__` directive correctly points to your Nginx log files. The labels applied, such as `job: prod/nginx`, `environment: production`, and `host: demo-app-prod`, help in categorizing and querying logs based on their origin and purpose.

For more advanced scenarios, you might consider using `pipeline_stages` to parse log content, extract specific fields, or enrich logs with additional metadata before sending them to Loki.


```yaml
# Example: promtail to collect journal, syslog and nginx logs
# Application called demo-app running in production
#
# job: prod/nginx
# environment: production
# host: demo-app-prod (or hostname)
# service_name: demo-app-prod

server:
  # Promtail's own HTTP endpoint
  http_listen_port: 9080
  # 0 = use a random free port
  grpc_listen_port: 0
positions:
  # Where Promtail records how far it has read in each file
  filename: /var/lib/promtail/positions.yaml
clients:
  # Credentials placed in the URL are stored in plain text in this file;
  # keep the file readable only by the Promtail user, or use the client's
  # basic_auth block with password_file instead.
  - url: https://<LOKI_USERNAME>:<LOKI_PASSWORD>@<LOKI_FQDN>/loki/api/v1/push

scrape_configs:
  - job_name: journal
    journal:
      # Ignore journal entries older than this
      max_age: 1h
      path: /var/log/journal
      labels:
        job: prod/journal
        environment: production
        host: demo-app-prod
    relabel_configs:
      # Expose the systemd unit name as the "unit" label
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'

  - job_name: syslog
    # No stages defined: lines are shipped as read
    pipeline_stages:
    static_configs:
    - targets:
        - localhost
      labels:
        job: prod/syslog
        host: demo-app-prod
        environment: production
        __path__: /var/log/syslog

  - job_name: nginx-info
    static_configs:
    - targets:
        - localhost
      labels:
        job: prod/nginx
        environment: production
        host: demo-app-prod
        level: info
        service_name: demo-app-prod
        __path__: /var/log/nginx/access.log

  - job_name: nginx-error
    static_configs:
    - targets:
        - localhost
      labels:
        job: prod/nginx
        environment: production
        host: demo-app-prod
        level: error
        service_name: demo-app-prod
        __path__: /var/log/nginx/error.log
```
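
The `pipeline_stages` option mentioned earlier, applied to the `nginx-info` job. This is an added example, not part of the original configuration. It assumes the default Nginx `combined` access log format; the regular expressions, the redacted parameter names and the choice of `method` and `status` as labels are illustrative assumptions.

```yaml
# Added example: the nginx-info job with pipeline_stages.
# Assumes the default nginx "combined" access log format.
scrape_configs:
  - job_name: nginx-info
    static_configs:
    - targets:
        - localhost
      labels:
        job: prod/nginx
        environment: production
        host: demo-app-prod
        level: info
        service_name: demo-app-prod
        __path__: /var/log/nginx/access.log
    pipeline_stages:
      # 1. Mask secrets carried in query strings before the line leaves the
      #    host. The parameter names are an assumption; list the ones your
      #    application actually uses. The capture group is what gets replaced.
      - replace:
          expression: '(?i)[?&](?:token|password|api_key)=([^&\s"]+)'
          replace: 'REDACTED'
      # 2. Parse the combined format into named fields. The method is limited
      #    to a fixed set so a client cannot create new label values by
      #    sending arbitrary method strings; other lines are shipped unlabelled.
      - regex:
          expression: '^(?P<remote_addr>\S+) \S+ (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] "(?P<method>GET|HEAD|POST|PUT|PATCH|DELETE|OPTIONS) (?P<request_uri>\S+) [^"]*" (?P<status>\d{3}) (?P<body_bytes_sent>\d+)'
      # 3. Use the timestamp nginx wrote, not the time Promtail read the line.
      - timestamp:
          source: time_local
          format: '02/Jan/2006:15:04:05 -0700'
      # 4. Promote only low-cardinality fields to labels. Client addresses and
      #    URIs stay in the log line and are searched with LogQL line filters.
      - labels:
          method:
          status:
```

With these labels in place, a query such as `{job="prod/nginx", status="500"}` selects server errors without scanning every access log line.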