On Tue, Nov 10, 2015 at 11:08:44AM +0200, Avraham Serour wrote:
> Hi,
>
> I have an ubuntu machine and installed nginx stable using the ppa (1.9.3)
>
> In my conf I'm sending the logs to syslog:
>
> access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json;
> error_log syslog:server=unix:/dev/log,tag=nginx,severity=error;
>
> then I'm using rsyslog to ship my logs to my logstash server.
>
> My problem is that it seems nginx does't properly tag the messages, I
> should be able to filter nginx messages in my rsyslog conf using:
>
> if $programname == 'nginx' then {
>
> but it seems $programname is my hostname, the tag is added to the message
> bodyThis happens because nginx uses remote syslog message format, which includes hostname. To use it with local syslog daemon you have two options: a) tell your syslog daemon that there is a hostname in a message coming from nginx b) tell nginx to not send hostname, using the 'nohostname' option, added recently in 1.9.7 (http://nginx.org/en/docs/syslog.html) > > This creates two problems: now I need to workaround to filter nginx > messages and my message body format is messed up, my beautifully json > format is now not a valid json and I need to further manipulate it. > > I was able to work around this for the access logs, my filter is now: > if $msg contains 'lenginx_access' then { > and I am using the substring to remove the prefix > > But I wasn't able to accomplish this for the error logs, it seems I can't > use a custom format for the error logs > > So any way of custom formatting my error logs to output json? > How can I tell nginx to properly tag the messages? > > btw, upon registering to this mailing list I got a confirmation email with > my password, really?? > > Avraham _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
