CVE-2021-22205 (GitLab) – Defensive

Hello,

I'm going through some old labs I haven't managed to complete. 

This one's a bit of a beast. 

I can get a reverse shell, I can see I am git. 

however I cannot for the life of me Identify the NGINX log files.

this doesn't return anything from the shell or when I am shh'd into the gitlab server
find / -type f -name "gitlab_access.log" 2>/dev/null

and this isn't returning anything from either the shell or ssh session

iml-user@defsec:~/Desktop$ sigmac -t grep sigma.yml

grep -P -i '^(?:.*(?=.*POST)(?=.*499))'

any clues gratefully received ;)