syslog not properly tagged

B.R. reallfqq-nginx at yahoo.fr
Wed Nov 11 13:40:57 UTC 2015


syslog has facilities to allow you to send messages from different sources
to different destinations.

That being rsyslog-related, I suggest you read some 101 books on this
topic. It seems all the help about nginx you could grab from this ML has
already been provided.
---
*B. R.*

On Wed, Nov 11, 2015 at 11:15 AM, Avraham Serour <tovmeod at gmail.com> wrote:

> well the problem is not only with formatting, formatting is just an
> inconvenience that I managed to work around already, my main problem is to
> catch nginx logs only.
> my rsyslog config will parse every syslog message, everyone that writes to
> syslog will send messages, I only need the ones coming from nginx, actually
> I even need to tell apart the error from access since they have different
> formatting
>
> On Tue, Nov 10, 2015 at 7:47 PM, B.R. <reallfqq-nginx at yahoo.fr> wrote:
>
>> Vladimir already provided a plan B in his a) point. :oP
>>
>> ---
>> *B. R.*
>>
>> On Tue, Nov 10, 2015 at 10:43 AM, Avraham Serour <tovmeod at gmail.com>
>> wrote:
>>
>>> Well nohostname seems to be what I need, but 1.9.7 is even newer than
>>> mainline (currently 1.9.6), my manager won't let me deploy anything but
>>> stable on production
>>> So unless 1.9.7 gets tagged as stable soon it seems I will need a
>>> workaround
>>>
>>> Thanks
>>> Avraham
>>>
>>> On Tue, Nov 10, 2015 at 11:23 AM, Vladimir Homutov <vl at nginx.com> wrote:
>>>
>>>> On Tue, Nov 10, 2015 at 11:08:44AM +0200, Avraham Serour wrote:
>>>> > Hi,
>>>> >
>>>> > I have an ubuntu machine and installed nginx stable using the ppa (1.9.3)
>>>> >
>>>> > In my conf I'm sending the logs to syslog:
>>>> >
>>>> > access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json;
>>>> > error_log syslog:server=unix:/dev/log,tag=nginx,severity=error;
>>>> >
>>>> > then I'm using rsyslog to ship my logs to my logstash server.
>>>> >
>>>> > My problem is that it seems nginx doesn't properly tag the messages, I
>>>> > should be able to filter nginx messages in my rsyslog conf using:
>>>> >
>>>> > if $programname == 'nginx' then {
>>>> >
>>>> > but it seems $programname is my hostname, the tag is added to the message
>>>> > body
>>>>
>>>> This happens because nginx uses remote syslog message format, which
>>>> includes hostname. To use it with local syslog daemon you have two
>>>> options:
>>>>
>>>> a) tell your syslog daemon that there is a hostname in a message coming
>>>> from nginx
>>>>
>>>> b) tell nginx to not send hostname, using the 'nohostname' option, added
>>>> recently in 1.9.7 (http://nginx.org/en/docs/syslog.html)
>>>>
>>>> >
>>>> > This creates two problems: now I need a workaround to filter nginx
>>>> > messages and my message body format is messed up, my beautiful JSON
>>>> > format is now not valid JSON and I need to further manipulate it.
>>>> >
>>>> > I was able to work around this for the access logs, my filter is now:
>>>> > if $msg contains 'lenginx_access' then {
>>>> > and I am using the substring to remove the prefix
>>>> >
>>>> > But I wasn't able to accomplish this for the error logs, it seems I can't
>>>> > use a custom format for the error logs
>>>> >
>>>> > So any way of custom formatting my error logs to output json?
>>>> > How can I tell nginx to properly tag the messages?
>>>> >
>>>> > btw, upon registering to this mailing list I got a confirmation email with
>>>> > my password, really??
>>>> >
>>>> > Avraham
>>>>
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
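Added example, not part of the original thread: a simplified Python model of the parsing mismatch Vladimir describes, showing why a filter on the program name only matches once the parser expects a hostname (his option a) or nginx omits it (his option b). The host `web01`, the JSON body and the PRI values are constructed, and the parser is a simplification, not rsyslog's own code.

```python
import json
import re

# BSD syslog header: <PRI>Mmm dd hh:mm:ss, then the rest of the datagram
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$", re.S)
# "tag: msg" or "tag[pid]: msg"
TAG = re.compile(r"^([^\s:\[]+)(?:\[\d+\])?: ?(.*)$", re.S)

def parse(datagram, has_hostname):
    """Split one datagram; has_hostname tells the parser a hostname precedes the tag."""
    m = HEADER.match(datagram)
    if m is None:
        raise ValueError("not a BSD syslog message")
    pri, rest = int(m.group(1)), m.group(3)
    host = None
    if has_hostname:
        host, _, rest = rest.partition(" ")
    t = TAG.match(rest)
    if t:
        tag, msg = t.groups()
    else:  # no "tag:" right after the timestamp: first word becomes the tag
        tag, _, msg = rest.partition(" ")
    return {"facility": pri >> 3, "severity": pri & 7, "host": host,
            "programname": tag, "msg": msg}

def route(datagram, has_hostname):
    """Separate nginx access and error records by tag; everything else is 'other'."""
    rec = parse(datagram, has_hostname)
    if rec["programname"] == "lenginx_access":
        return "access", json.loads(rec["msg"])  # body is the le_json payload
    if rec["programname"] == "nginx":
        return "error", rec["msg"]
    return "other", rec["msg"]

# Constructed samples: PRI 190 = local7.info, 187 = local7.err; "web01" is a made-up host
ACCESS = '<190>Nov 10 11:08:44 web01 lenginx_access: {"status": 200, "uri": "/"}'
ERROR = '<187>Nov 10 11:08:45 web01 nginx: 2015/11/10 11:08:45 [error] 1#0: open() failed'
NOHOST = '<190>Nov 10 11:08:44 lenginx_access: {"status": 200, "uri": "/"}'

if __name__ == "__main__":
    for name, line, flag in [("local parse", ACCESS, False), ("hostname-aware", ACCESS, True),
                             ("error", ERROR, True), ("nohostname", NOHOST, False)]:
        print(name, "->", route(line, flag))
```

With `has_hostname=False` the first sample is attributed to `web01` and the tag stays in the body, so a collector that selects nginx records by program name silently drops them.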