From 1119e46cace57ad80fcde0071d7efaab0dfbba8f Mon Sep 17 00:00:00 2001 From: mdbirnstiehl Date: Fri, 10 May 2024 12:07:01 -0500 Subject: [PATCH] review updates --- docs/en/observability/monitor-nginx-ml.asciidoc | 10 +++++----- docs/en/observability/monitor-nginx.asciidoc | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/en/observability/monitor-nginx-ml.asciidoc b/docs/en/observability/monitor-nginx-ml.asciidoc index 9f7ce399d5..87dd7a7652 100644 --- a/docs/en/observability/monitor-nginx-ml.asciidoc +++ b/docs/en/observability/monitor-nginx-ml.asciidoc @@ -2,7 +2,7 @@ [[monitor-nginx-ml]] == Part 5: Find anomalies in your nginx access logs -The {integrations-docs}/nginx[Nginx Elastic integration] provides built in machine learning (ML) jobs to help find unusual activity in your nginx access logs. +The {integrations-docs}/nginx[Nginx Elastic integration] to help find unusual activity in your nginx access logs. Monitoring anomalies in your access logs helps you detect: * security threats @@ -17,21 +17,21 @@ Monitoring anomalies in your access logs helps you detect: The nginx ML module provides the following anomaly detection jobs: [[horizontal]] -Low request rates (low_request_rate_nginx):: Uses the {ml-docs}/ml-count-functions.html#ml-count[`low_count`] function to detect abnormally low request rates. Abnormally low request rates might indicate network issues or other issues are preventing requests from reaching the server. -Unusual source IPs - high request rates (`source_ip_request_rate_nginx`):: Uses the {ml-docs}/ml-count-functions.html#ml-count[`hight_count`] function to detect abnormally high request rates from individual IP addresses. Many requests from a single IP or small group of IPs might indicate something malicious like a DDoS attack where many requests are sent to overwhelm the server and make it unavailable to users. +Low request rates (`low_request_rate_nginx`):: Uses the {ml-docs}/ml-count-functions.html#ml-count[`low_count`] function to detect abnormally low request rates. Abnormally low request rates might indicate that network issues or other issues are preventing requests from reaching the server. +Unusual source IPs - high request rates (`source_ip_request_rate_nginx`):: Uses the {ml-docs}/ml-count-functions.html#ml-count[`hight_count`] function to detect abnormally high request rates from individual IP addresses. Many requests from a single IP or small group of IPs might indicate something malicious like a DDoS attack where a large number of requests are sent to overwhelm the server and make it unavailable to users. Unusual source IPs - high distinct count of URLs (`source_ip_url_count_nginx`):: Uses the {ml-docs}/ml-count-functions.html#ml-distinct-count[`high_distinct_count`] function to detect individual IP addresses accessing abnormally high numbers of unique URLs. A single IP accessing many unique URLs might indicate something malicious like web scraping or an attempt to find sensitive data or vulnerabilities. Unusual status code rates (`status_code_rate_nginx`):: Uses the {ml-docs}/ml-count-functions.html#ml-count[`count`] function to detect abnormal status code rates. A high rate of status codes could indicate problems with broken links, bad URLs, or unauthorized access attempts. A high rate of status codes could also point to server issues like limited resources or bugs in your code. Unusual visitor rates (`visitor_rate_nginx`):: Uses the {ml-docs}/ml-count-functions.html#ml-nonzero-count[`non_zero_count`] function to detect abnormal visitor rates. High visitor rates could indicate something malicious like a DDoS attack. Low visitor rates could indicate issues with access to the server. -Refer to {integrations-docs}/nginx#ml-modules[Nginx integration ML modules] for more on the jobs and the ML module manifest. +Refer to {integrations-docs}/nginx#ml-modules[nginx integration ML modules] for more on the jobs and the ML module manifest. [discrete] [[monitor-nginx-ml-prereqs]] === Before you begin Verify that your environment is set up properly to use the {ml-features}. -If the {es} {security-features} are enabled, you need a user with permissions to manage {anomaly-jobs}. +If {es} {security-features} are enabled, you need a user with permissions to manage {anomaly-jobs}. Refer to {ml-docs}/setup.html[Set up ML features]. [discrete] diff --git a/docs/en/observability/monitor-nginx.asciidoc b/docs/en/observability/monitor-nginx.asciidoc index 2f10a16ed3..e4d7a4dedc 100644 --- a/docs/en/observability/monitor-nginx.asciidoc +++ b/docs/en/observability/monitor-nginx.asciidoc @@ -9,7 +9,7 @@ Return to this tutorial after you've learned the basics. **** -Use the {integrations-docs}/nginx[Nginx Elastic integration] and the {agent} to collect valuable metrics and logs from your nginx instances. Then, use built-in dashboards and tools like Logs Explorer in {kib} allow you to visualize and monitor your nginx data from one place. This data provides valuable insight into your nginx instances—for example: +Use the {integrations-docs}/nginx[nginx Elastic integration] and the {agent} to collect valuable metrics and logs from your nginx instances. Then, use built-in dashboards and tools like Logs Explorer in {kib} to visualize and monitor your nginx data from one place. This data provides valuable insight into your nginx instances—for example: * A spike in error logs for a certain resource may mean you have a deleted resource that is still needed. * Access logs can show when a service's peak times are, and, from this, when it might be best to perform things like maintenance. @@ -199,7 +199,7 @@ To open the nginx dashboard: The *Metrics Nginx overview* shows visual representations of total requests, processed requests, heartbeat/up, active connections, reading/writing/waiting rates, request rate, accepts and handled rates, and drops rate. [role="screenshot"] -image::images/nginx-metrics-dashboard.png[Nginx metrics dashboard, 75%] +image::images/nginx-metrics-dashboard.png[nginx metrics dashboard, 75%] [discrete] [[monitor-nginx-explore-logs]] @@ -229,7 +229,7 @@ image::images/nginx-logs-explorer.png[Logs Explorer showing nginx error logs] [discrete] [[monitor-nginx-logs-dashboard]] -==== Nginx logs dashboards +==== nginx logs dashboards The nginx integration has built-in dashboards that show the full picture of your nginx logs in one place. To open the nginx dashboards: