Inspect network traffic for signs of suspicious behavior

Request a DemoRead the Docs

Monitor Nginx logs with Panther’s Nginx integration to gain complete visibility into your network traffic.

Nginx records information in its access log for each request made by a client. This includes the files that are accessed, how Nginx responded to a request, what browser a client is using, the IP address of clients, and more. Panther can collect, normalize, and monitor Nginx logs to help you identify suspicious activity in real-time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Nginx with Panther include:

  • Understand and analyze the performance of your Nginx server
  • Track and analyze user behaviors such as visits or logins
  • Troubleshoot server failures and redirects in your code

How it Works

The integration is simple and fast:

  • Send your Nginx Logs to S3 with a log forwarding agent like Fluentd or Logstash
  • Add your S3 Bucket as a data source in Panther
  • Panther parses, normalizes, and analyzes your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for Nginx.