syslog not properly tagged
Avraham Serour
tovmeod at gmail.com
Tue Nov 10 09:08:44 UTC 2015
Hi,
I have an ubuntu machine and installed nginx stable using the ppa (1.9.3)
In my conf I'm sending the logs to syslog:
access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json;
error_log syslog:server=unix:/dev/log,tag=nginx,severity=error;
then I'm using rsyslog to ship my logs to my logstash server.
My problem is that it seems nginx does't properly tag the messages, I
should be able to filter nginx messages in my rsyslog conf using:
if $programname == 'nginx' then {
but it seems $programname is my hostname, the tag is added to the message
body
This creates two problems: now I need to workaround to filter nginx
messages and my message body format is messed up, my beautifully json
format is now not a valid json and I need to further manipulate it.
I was able to work around this for the access logs, my filter is now:
if $msg contains 'lenginx_access' then {
and I am using the substring to remove the prefix
But I wasn't able to accomplish this for the error logs, it seems I can't
use a custom format for the error logs
So any way of custom formatting my error logs to output json?
How can I tell nginx to properly tag the messages?
btw, upon registering to this mailing list I got a confirmation email with
my password, really??
Avraham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151110/b80bd751/attachment.html>
More information about the nginx
mailing list