This commit is contained in:
Sergiy Prystaiko 2021-01-20 14:14:14 +02:00
Родитель 326b46c43d
Коммит 3ad4d0f0bb
4 изменённых файлов: 604 добавлений и 0 удалений


@ -0,0 +1,13 @@
{
"Name": "NGINX_CL",
"Properties": [
{
"Name": "TimeGenerated",
"Type": "DateTime"
},
{
"Name": "RawData",
"Type": "String"
}
]
}


@ -0,0 +1,149 @@
{
"id": "NGINX HTTP Server",
"title": "NGINX HTTP Server",
"publisher": "Nginx",
"descriptionMarkdown": "NGINX HTTP Server data connector provides the capability to ingest [NGINX HTTP Server](https://nginx.org/en/) events into Azure Sentinel. Refer to [NGINX Logs documentation](https://nginx.org/en/docs/http/ngx_http_log_module.html) for more information.",
"additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected. Follow the steps to use this Kusto Function alias **NGINXHTTPServer** in queries and workbooks. [Follow steps to get this Kusto Function>](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/NGINX/NGINXHTTPServer.txt)",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "NGINX Events",
"baseQuery": "NGINXHTTPServer"
}
],
"sampleQueries": [
{
"description" : "Top 10 Clients (Source IP)",
"query": "NGINXHTTPServer\n | summarize count() by SrcIpAddr\n | top 10 by count_"
}
],
"dataTypes": [
{
"name": "NGINX_CL",
"lastDataReceivedQuery": "NGINXHTTPServer\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"NGINXHTTPServer\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "write permission is required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"delete": true
}
}
]
},
"instructionSteps": [
{
"title": "",
"description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/NGINX/NGINXHTTPServer.txt) to create the Kusto Functions alias, **NGINXHTTPServer**",
"instructions": [
]
},
{
"title": "1. Install and onboard the agent for Linux or Windows",
"description": "Install the agent on the NGINX HTTP Server where the logs are generated.\n\n> Logs from NGINX HTTP Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.",
"instructions": [
{
"parameters": {
"title": "Choose where to install the Linux agent:",
"instructionSteps": [
{
"title": "Install agent on Azure Linux Virtual Machine",
"description": "Select the machine to install the agent on and then click **Connect**.",
"instructions": [
{
"parameters": {
"linkType": "InstallAgentOnLinuxVirtualMachine"
},
"type": "InstallAgent"
}
]
},
{
"title": "Install agent on a non-Azure Linux Machine",
"description": "Download the agent on the relevant machine and follow the instructions.",
"instructions": [
{
"parameters": {
"linkType": "InstallAgentOnLinuxNonAzure"
},
"type": "InstallAgent"
}
]
}
]
},
"type": "InstructionStepsGroup"
}
]
},
{
"instructions": [
{
"parameters": {
"title": "Choose where to install the Windows agent:",
"instructionSteps": [
{
"title": "Install agent on Azure Windows Virtual Machine",
"description": "Select the machine to install the agent on and then click **Connect**.",
"instructions": [
{
"parameters": {
"linkType": "InstallAgentOnVirtualMachine"
},
"type": "InstallAgent"
}
]
},
{
"title": "Install agent on a non-Azure Windows Machine",
"description": "Download the agent on the relevant machine and follow the instructions.",
"instructions": [
{
"parameters": {
"linkType": "InstallAgentOnNonAzure"
},
"type": "InstallAgent"
}
]
}
]
},
"type": "InstructionStepsGroup"
}
]
},
{
"title": "2. Configure the logs to be collected",
"description": "Configure the custom log directory to be collected" ,
"instructions": [
{
"parameters": {
"linkType": "OpenAdvancedWorkspaceSettings"
},
"type": "InstallAgent"
}
]
},
{
"title": "",
"description":"1. Select the link above to open your workspace advanced settings \n2. From the left pane, select **Data**, select **Custom Logs** and click **Add+**\n3. Click **Browse** to upload a sample of a NGINX HTTP Server log file (e.g. access.log or error.log). Then, click **Next >**\n4. Select **New line** as the record delimiter and click **Next >**\n5. Select **Windows** or **Linux** and enter the path to NGINX HTTP logs based on your configuration. Example: \n - **Linux** Directory: '/var/log/nginx/*.log' \n6. After entering the path, click the '+' symbol to apply, then click **Next >** \n7. Add **NGINX_CL** as the custom log Name and click **Done**"
}
]
}
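Review bot: `requiredPermissions` under the workspace resource provider declares `"delete": true` while `permissionsDisplayText` tells the user that only "write permission is required", so one of the two is inaccurate; if delete is not needed to create the custom-log table, dropping it keeps the connector at least privilege, otherwise the display text should say `"write and delete permissions are required."`. The step 2 line `"description": "Configure the custom log directory to be collected" ,` has a stray space before the comma — valid JSON, but inconsistent with the rest of the file.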


@ -0,0 +1,55 @@
// Usage Instruction :
// Paste below query in log analytics, click on Save button and select as Function from drop down by specifying function name and alias as NGINXHTTPServer.
// Function usually takes 10-15 minutes to activate. You can then use function alias from any other queries (e.g. NGINXHTTPServer | take 10).
// Reference : Using functions in Azure monitor log queries : https://docs.microsoft.com/azure/azure-monitor/log-query/functions
let nginx_accesslog_events =() {
NGINX_CL
| where RawData matches regex @'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*\[.*\]\s\"(GET|POST).*?\"\s([1-5][0-9]{2})\s(\d+)\s\"(.*?)\"\s\"(.*?)\".*'
| extend EventProduct = 'NGINX'
| extend EventType = 'AccessLog'
| extend EventData = split(RawData, '"')
| extend SubEventData0 = split(trim_start(@' ', (trim_end(@' ', tostring(EventData[0])))), ' ')
| extend SubEventData1 = split(EventData[1], ' ')
| extend SubEventData2 = split(trim_start(@' ', (trim_end(@' ', tostring(EventData[2])))), ' ')
| extend SrcIpAddr = tostring(SubEventData0[0])
| extend SrcUserName = SubEventData0[2]
| extend EventStartTime = todatetime(replace(@'\/', @'-', replace(@'(\d{2}\/\w{3}\/\d{4}):(\d{2}\:\d{2}\:\d{2})', @'\1 \2', extract(@'\[(.*?)\+\d+\]', 1, RawData))))
| extend HttpRequestMethod = SubEventData1[0]
| extend UrlOriginal = SubEventData1[1]
| extend HttpVersion = SubEventData1[2]
| extend HttpStatusCode = SubEventData2[0]
| extend HttpResponseBodyBytes = SubEventData2[1]
| extend HttpReferrerOriginal = EventData[3]
| extend HttpUserAgentOriginal = EventData[5]
};
let nginx_errorlog_events=() {
NGINX_CL
| where RawData matches regex @'\A\d{4}\/\d{2}\/\d{2}\s+\d{2}\:\d{2}\:\d{2}\s+\[.*?\]\s\d+\#\d+\:'
| extend EventProduct = 'NGINX'
| extend EventType = 'ErrorLog'
| extend EventType = 'ErrorLog'
| extend EventSeverity = extract(@'\[(.*?)\]', 1, RawData)
| extend EventStartTime = todatetime(replace(@'\/', '-', extract(@'\A(.*?)\s\[', 1, RawData)))
| extend SrcIpAddr = extract(@'client: (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})', 1, RawData)
| extend ProcessId = extract(@'\]\s(\d+)\#', 1, RawData)
| extend ThreadId = extract(@'\]\s\d+\#(\d+)\:', 1, RawData)
| extend EventMessage = extract(@'\d+\#\d+\:\s(.*)', 1, RawData)
};
union isfuzzy=true nginx_accesslog_events, nginx_errorlog_events
| project TimeGenerated
, EventProduct
, EventType
, EventSeverity
, EventStartTime
, SrcIpAddr
, SrcUserName
, HttpRequestMethod
, UrlOriginal
, HttpVersion
, HttpStatusCode
, HttpResponseBodyBytes
, HttpReferrerOriginal
, HttpUserAgentOriginal
, ProcessId
, ThreadId
, EventMessage
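Review bot: The access-log filter on the `| where RawData matches regex` line in nginx_accesslog_events only admits `(GET|POST)`, so HEAD, PUT, DELETE, OPTIONS and PATCH requests — and malformed method tokens — never reach the parsed output, which is a coverage gap for a security data source; `\s\"([A-Z]+)` in the filter would keep them, and the method value is already taken from `SubEventData1[0]` rather than from the capture. The EventStartTime extraction `extract(@'\[(.*?)\+\d+\]', 1, RawData)` assumes a positive zone offset, so a line logged with e.g. `-0500` yields a null EventStartTime; `@'\[(.*?)\s[+-]\d+\]'` covers both signs, and a comment should state that the offset is discarded so the resulting datetime carries no zone information. `| extend EventType = 'ErrorLog'` appears twice in a row in nginx_errorlog_events and the second copy can be dropped. The access-log regex also lacks the `\A` anchor the error-log regex uses; adding it would keep the two filters consistent.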


@ -0,0 +1,387 @@
[
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "3.180.71.3 - - [17/May/2015:08:05:26 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 324 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "91.234.194.89 - - [17/May/2015:08:05:22 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "80.91.33.133 - - [17/May/2015:08:05:07 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.17)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "37.26.93.214 - - [17/May/2015:08:05:38 +0000] \"GET /downloads/product_2 HTTP/1.1\" 404 319 \"-\" \"Go 1.1 package http\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "188.138.60.101 - - [17/May/2015:08:05:25 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "93.180.71.3 - - [17/May/2015:08:05:11 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 340 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "46.4.66.76 - - [17/May/2015:08:05:02 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "62.75.198.179 - - [17/May/2015:08:05:06 +0000] \"GET /downloads/product_2 HTTP/1.1\" 200 490 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "80.91.33.133 - - [17/May/2015:08:05:55 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.16)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "173.203.139.108 - - [17/May/2015:08:05:53 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "210.245.80.75 - - [17/May/2015:08:05:32 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "46.4.83.163 - - [17/May/2015:08:05:52 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "91.234.194.89 - - [17/May/2015:08:05:18 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "93.180.71.3 - - [17/May/2015:08:05:26 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 324 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "91.234.194.89 - - [17/May/2015:08:05:22 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "80.91.33.133 - - [17/May/2015:08:05:07 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.17)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "37.26.93.214 - - [17/May/2015:08:05:38 +0000] \"GET /downloads/product_2 HTTP/1.1\" 404 319 \"-\" \"Go 1.1 package http\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "188.138.60.101 - - [17/May/2015:08:05:25 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "93.180.71.3 - - [17/May/2015:08:05:11 +0000] \"GET /downloads/product_1 HTTP/1.1\" 404 340 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.21)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "46.4.66.76 - - [17/May/2015:08:05:02 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "62.75.198.179 - - [17/May/2015:08:05:06 +0000] \"GET /downloads/product_2 HTTP/1.1\" 200 490 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "80.91.33.133 - - [17/May/2015:08:05:55 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.8.16~exp12ubuntu10.16)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "173.203.139.108 - - [17/May/2015:08:05:53 +0000] \"GET /downloads/product_1 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "210.245.80.75 - - [17/May/2015:08:05:32 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (1.0.1ubuntu2)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "46.4.83.163 - - [17/May/2015:08:05:52 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 3:59:10.000 PM",
"Computer": "srv-elk-060",
"RawData": "91.234.194.89 - - [17/May/2015:08:05:18 +0000] \"GET /downloads/product_2 HTTP/1.1\" 304 0 \"-\" \"Debian APT-HTTP/1.3 (0.9.7.9)\"\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "020/12/04 12:07:22 [info] 1270#1270: *19939 client closed connection while waiting for request, client: 10.200.11.54, server: 0.0.0.0:443\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/04 12:19:17 [info] 1269#1269: *20213 peer closed connection in SSL handshake while SSL handshaking, client: 10.200.11.54, server: 0.0.0.0:443\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/04 12:22:48 [info] 1270#1270: *20327 client closed connection while waiting for request, client: 10.200.11.54, server: 0.0.0.0:443\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/04 12:22:49 [info] 1269#1269: *20330 peer closed connection in SSL handshake while SSL handshaking, client: 10.200.11.54, server: 0.0.0.0:443\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/04 12:22:49 [info] 1270#1270: *20331 client closed connection while waiting for request, client: 10.200.11.54, server: 0.0.0.0:443\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/04 12:36:27 [info] 1269#1269: *20475 peer closed connection in SSL handshake while SSL handshaking, client: 10.200.11.54, server: 0.0.0.0:443\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/05 03:28:39 [notice] 1268#1268: signal 10 (SIGUSR1) received from 416, reopening logs\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/05 03:28:39 [notice] 1268#1268: reopening logs\n",
"Type": "NGINX_CL",
"_ResourceId": ""
},
{
"TenantId": "9143fd29-fe92-43be-93e9-3f0a4bcaeef4",
"SourceSystem": "OpsManager",
"MG": "00000000-0000-0000-0000-000000000002",
"ManagementGroupName": "srv-elk-060",
"TimeGenerated [UTC]": "1/18/2021, 4:00:16.000 PM",
"Computer": "srv-elk-060",
"RawData": "2020/12/05 03:28:39 [notice] 1269#1269: reopening logs\n",
"Type": "NGINX_CL",
"_ResourceId": ""
}
]
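Review bot: The first error-log sample record, `"RawData": "020/12/04 12:07:22 [info] 1270#1270: ...`, is missing its leading digit, so it does not match the parser's `\A\d{4}\/` error-log filter and would be silently dropped from the union instead of being exercised by this sample set; it should read `2020/12/04 12:07:22 [info] 1270#1270: ...` like the records that follow. If the truncation is an intentional negative case, that intent cannot be recorded inside strict JSON and should be noted alongside the file.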