syslog not properly tagged
Avraham Serour
tovmeod at gmail.com
Wed Nov 11 10:15:25 UTC 2015
well the problem is not only with formatting, formatting is just and
inconvenience that I managed to work around already, my main problem is to
catch nginx logs only.
my rsyslog config will parse every syslog message, everyone that writes to
syslog will send messages, I only need the ones coming from nginx, actually
I even need to tell apart the error from access since they have diferent
formatting
On Tue, Nov 10, 2015 at 7:47 PM, B.R. <reallfqq-nginx at yahoo.fr> wrote:
> Vladimir already provided a plan B in his a) point. :oP
>
> ---
> *B. R.*
>
> On Tue, Nov 10, 2015 at 10:43 AM, Avraham Serour <tovmeod at gmail.com>
> wrote:
>
>> Well nohostname seems to be what I need, but 1.9.7 is even newer than
>> mainline (currently 1.9.6), my manager won't let me deploy anything but
>> stable on production
>> So unless 1.9.7 gets tagged as stable soon it seems I will need a
>> workaorund
>>
>> Thanks
>> Avraham
>>
>> On Tue, Nov 10, 2015 at 11:23 AM, Vladimir Homutov <vl at nginx.com> wrote:
>>
>>> On Tue, Nov 10, 2015 at 11:08:44AM +0200, Avraham Serour wrote:
>>> > Hi,
>>> >
>>> > I have an ubuntu machine and installed nginx stable using the ppa
>>> (1.9.3)
>>> >
>>> > In my conf I'm sending the logs to syslog:
>>> >
>>> > access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json;
>>> > error_log syslog:server=unix:/dev/log,tag=nginx,severity=error;
>>> >
>>> > then I'm using rsyslog to ship my logs to my logstash server.
>>> >
>>> > My problem is that it seems nginx does't properly tag the messages, I
>>> > should be able to filter nginx messages in my rsyslog conf using:
>>> >
>>> > if $programname == 'nginx' then {
>>> >
>>> > but it seems $programname is my hostname, the tag is added to the
>>> message
>>> > body
>>>
>>> This happens because nginx uses remote syslog message format, which
>>> includes hostname. To use it with local syslog daemon you have two
>>> options:
>>>
>>> a) tell your syslog daemon that there is a hostname in a message coming
>>> from nginx
>>>
>>> b) tell nginx to not send hostname, using the 'nohostname' option, added
>>> recently in 1.9.7 (http://nginx.org/en/docs/syslog.html)
>>>
>>> >
>>> > This creates two problems: now I need to workaround to filter nginx
>>> > messages and my message body format is messed up, my beautifully json
>>> > format is now not a valid json and I need to further manipulate it.
>>> >
>>> > I was able to work around this for the access logs, my filter is now:
>>> > if $msg contains 'lenginx_access' then {
>>> > and I am using the substring to remove the prefix
>>> >
>>> > But I wasn't able to accomplish this for the error logs, it seems I
>>> can't
>>> > use a custom format for the error logs
>>> >
>>> > So any way of custom formatting my error logs to output json?
>>> > How can I tell nginx to properly tag the messages?
>>> >
>>> > btw, upon registering to this mailing list I got a confirmation email
>>> with
>>> > my password, really??
>>> >
>>> > Avraham
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151111/4421478c/attachment.html>
More information about the nginx
mailing list