I am trying to send logs to rsyslog via nginx, but it seems that it is not
being sent.

Here is the nginx conf; I have defined a custom log format:

    log_format rsyslog '$remote_addr - $remote_user [$time_iso8601] "$request "'
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/api_access.log rsyslog;
    access_log syslog:server=localhost:514 rsyslog;
    error_log /var/log/nginx/api_error.log debug;

I am storing these logs in file also, and sending to rsyslog also.

    alphauser@AlphaServer:/etc/rsyslog.d$ sudo netstat -nulp | grep 514
    udp        0      0 0.0.0.0:514             0.0.0.0:*                           41335/rsyslogd
    udp6       0      0 :::514                  :::*                                41335/rsyslogd

The rsyslog udp port 514 is open.

Here is the rsyslog configuration, 

    template(name="all-json-nginx"
        type="list"){
        constant(value="{ ")
        constant(value="\"level\":\"")
        property(name="syslogseverity-text")
        constant(value="\", ")
        constant(value="\"type\":\"")
        property(name="programname")
        constant(value="\", ")
        constant(value="\"from\":\"")
        property(name="hostname")
        constant(value="\", ")
        property(name="$!all-json" position.from="2")
    }


    if $syslogtag == 'nginx' then {
    action(type="mmnormalize"
      rulebase="/opt/rsyslog/nginx-logs.rb"
    )

    action(type="omelasticsearch"
      template="all-json-nginx"  # use the template defined earlier
      searchIndex="nginx-logs-alpha"
      searchType="nginx"
      server="xx.xx.xx.xx"
      serverport="9200"
      uid="****"
      pwd="****"
      bulkmode="on"  # use the bulk API
      action.resumeretrycount="-1"  # retry indefinitely if Elasticsearch is unreachable
    )
    }
    else {
       action( name="all-logs-alpha"
       type="omelasticsearch"
       server="xx.xx.xx.xx"
       serverport="9200"
       searchIndex="all-logs-alpha"
       uid="****"
       pwd="****"
       bulkmode="on"
       action.resumeretrycount="-1")

    }

1 - The thing is that nginx logs are being written to the file, but are not
being sent to the rsyslog.

2 - The rsyslog config is right, as I see no error in rsyslog status, and
logs are being sent to the elasticsearch in "all-logs-alpha"  index.

I am running rsyslog by `$ rsyslogd -dn` command, and I don't see any error
and no mention of nginx at all.

Also, I have tested this whole setup on my local machine and it works well,
but is causing issues on my server.

What is the possible issue here and how can it be solved?




--
View this message in context: 
http://rsyslog-users.1305293.n2.nabble.com/problem-with-nginx-to-rsysog-tp7592519.html
Sent from the rsyslog-users mailing list archive at Nabble.com.
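
As an added example (not part of the original post, and not nginx or rsyslog project code): a Python sketch that builds the UDP datagram nginx emits for `access_log syslog:server=localhost:514 rsyslog;`, so the rsyslog listener can be exercised without nginx. It assumes nginx's documented syslog defaults (facility local7, severity info, tag `nginx`); the helper names, the sample log line and the use of 127.0.0.1 for `localhost` are constructed for illustration.

```python
import re
import socket
from datetime import datetime

# Constructed sample line, laid out exactly as the post's `rsyslog` log_format
# would render it (note the space before the closing quote of $request).
SAMPLE = ('203.0.113.7 - - [2024-01-05T12:00:00+00:00] '
          '"GET /api/health HTTP/1.1 "200 17 "-" "curl/8.0" "-"')

def nginx_datagram(msg, hostname, when, facility=23, severity=6, tag="nginx"):
    """Build '<PRI>Mmm dd hh:mm:ss host tag: msg' as nginx's syslog target does.
    Assumed defaults: facility local7 (23), severity info (6), tag 'nginx'."""
    pri = facility * 8 + severity
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {hostname} {tag}: {msg}".encode()

_RFC3164 = re.compile(
    rb"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:]+): (.*)", re.S)

def parse_datagram(data):
    """Split a datagram into the fields a syslog receiver filters on."""
    m = _RFC3164.fullmatch(data)
    if m is None:
        raise ValueError("not an RFC 3164 style datagram")
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": m.group(2).decode(), "hostname": m.group(3).decode(),
            "tag": m.group(4).decode(), "msg": m.group(5).decode()}

def send_probe(data, addr=("127.0.0.1", 514)):
    """Send one datagram to the UDP listener from the post's access_log line.
    Returns the number of bytes handed to the kernel (UDP gives no receipt)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, addr)

if __name__ == "__main__":
    pkt = nginx_datagram(SAMPLE, "AlphaServer", datetime.now())
    print(pkt.decode())
    print(parse_datagram(pkt))
    print("bytes sent:", send_probe(pkt))
```

Run it while `rsyslogd -dn` is in the foreground: the debug output shows whether a datagram in nginx's wire format reaches the listener and which tag value the filter sees.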