Join Log in
Score:0
Lana Adel avatar Ubuntu

Sending NGINX logs to a remote syslog server

ve flag
Lana Adel

How to write Nginx configuration on /etc/rsyslog.conf to forward Nginx logs to another server?

I write this configuration for rsyslog but I think it's not completely right:

enter image description here

371
2 + 1
ru flag
Thomas Ward
@Nmath I can circumvent your comment based on reading this post because what OP wants to do is make nginx report to a remote syslog server. Which they can't do with `rsyslogd` because NGINX doesn't use the local syslog system to report things to file. My answer provides this answer to them for both WSL and non-WSL.
0
Reply
Score:2
avatar Ubuntu
ru flag
Thomas Ward

The answer to your question as asked is simply: You don't. NGINX doesn't use the local syslog mechanisms to store its logs in files - it opens them and handles them directly.

NGINX does not use rsyslog or any of the other logging mechanisms to store its log files. NGINX opens them directly, bypassing rsyslogd and the rest of the syslog daemons.

NGINX however does have the mechanism to report to syslog directly.

The examples of this (from http://nginx.org/en/docs/syslog.html) are as such to implement:

# This will enable debug level logging and send to the remote syslog server at 
# 192.168.1.1 on UDP port 514
error_log syslog:server=192.168.1.1 debug;

# This logs to a syslog server listening on a local UNIX socket.
access_log syslog:server=unix:/var/log/nginx.sock,nohostname;

# This logs to a remote syslog server at IPv6 address 2001:db8::1 on UDP port 12345
# using the reporting facility 'local7', tagging it as nginx, and logging with INFO
# level logging, using the default 'combined' format for logging.
access_log syslog:server=[2001:db8::1]:12345,facility=local7,tag=nginx,severity=info combined;

The details of what each argument are is in the linked document.

Most likely you'll want to use this though:

error_log syslog:server=192.168.1.3,facility=local7;
access_log syslog:server=192.168.1.3,facility=local7,severity=info;

Just make sure you configure the remote syslog server to process the local7 facility/channel accordingly for NGINX entries.

+ 0
Score:-1
Prabhat avatar Ubuntu
gb flag
Prabhat

The ideal way to do this is via a log forwarder like fluentbit or vector which will watch the log files created by nginx, tail them and send them to the appropriate destination. You would run fluentbit/vector as a service on the same machine as nginx. Both of them are super lightweight so you should be fine on resources front.

You could use https://github.com/zinclabs/zincobserve as a destination on another server to receive logs.

ps: I am from zincobserve team.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.