syslog not properly tagged
B.R.
reallfqq-nginx at yahoo.fr
Tue Nov 10 17:47:54 UTC 2015
Vladimir already provided a plan B in his a) point. :oP
---
*B. R.*
On Tue, Nov 10, 2015 at 10:43 AM, Avraham Serour <tovmeod at gmail.com> wrote:
> Well nohostname seems to be what I need, but 1.9.7 is even newer than
> mainline (currently 1.9.6), my manager won't let me deploy anything but
> stable on production
> So unless 1.9.7 gets tagged as stable soon it seems I will need a
> workaorund
>
> Thanks
> Avraham
>
> On Tue, Nov 10, 2015 at 11:23 AM, Vladimir Homutov <vl at nginx.com> wrote:
>
>> On Tue, Nov 10, 2015 at 11:08:44AM +0200, Avraham Serour wrote:
>> > Hi,
>> >
>> > I have an ubuntu machine and installed nginx stable using the ppa
>> (1.9.3)
>> >
>> > In my conf I'm sending the logs to syslog:
>> >
>> > access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json;
>> > error_log syslog:server=unix:/dev/log,tag=nginx,severity=error;
>> >
>> > then I'm using rsyslog to ship my logs to my logstash server.
>> >
>> > My problem is that it seems nginx does't properly tag the messages, I
>> > should be able to filter nginx messages in my rsyslog conf using:
>> >
>> > if $programname == 'nginx' then {
>> >
>> > but it seems $programname is my hostname, the tag is added to the
>> message
>> > body
>>
>> This happens because nginx uses remote syslog message format, which
>> includes hostname. To use it with local syslog daemon you have two
>> options:
>>
>> a) tell your syslog daemon that there is a hostname in a message coming
>> from nginx
>>
>> b) tell nginx to not send hostname, using the 'nohostname' option, added
>> recently in 1.9.7 (http://nginx.org/en/docs/syslog.html)
>>
>> >
>> > This creates two problems: now I need to workaround to filter nginx
>> > messages and my message body format is messed up, my beautifully json
>> > format is now not a valid json and I need to further manipulate it.
>> >
>> > I was able to work around this for the access logs, my filter is now:
>> > if $msg contains 'lenginx_access' then {
>> > and I am using the substring to remove the prefix
>> >
>> > But I wasn't able to accomplish this for the error logs, it seems I
>> can't
>> > use a custom format for the error logs
>> >
>> > So any way of custom formatting my error logs to output json?
>> > How can I tell nginx to properly tag the messages?
>> >
>> > btw, upon registering to this mailing list I got a confirmation email
>> with
>> > my password, really??
>> >
>> > Avraham
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151110/f643ecdb/attachment.html>
More information about the nginx
mailing list