syslog not properly tagged

Avraham Serour tovmeod at
Tue Nov 10 09:08:44 UTC 2015


I have an ubuntu machine and installed nginx stable using the ppa (1.9.3)

In my conf I'm sending the logs to syslog:

access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json;
error_log syslog:server=unix:/dev/log,tag=nginx,severity=error;

then I'm using rsyslog to ship my logs to my logstash server.

My problem is that it seems nginx does't properly tag the messages, I
should be able to filter nginx messages in my rsyslog conf using:

if $programname == 'nginx' then {

but it seems $programname is my hostname, the tag is added to the message

This creates two problems: now I need to workaround to filter nginx
messages and my message body format is messed up, my beautifully json
format is now not a valid json and I need to further manipulate it.

I was able to work around this for the access logs, my filter is now:
if $msg contains 'lenginx_access' then {
and I am using the substring to remove the prefix

But I wasn't able to accomplish this for the error logs, it seems I can't
use a custom format for the error logs

So any way of custom formatting my error logs to output json?
How can I tell nginx to properly tag the messages?

btw, upon registering to this mailing list I got a confirmation email with
my password, really??

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list