[rsyslog-notify] Forum Thread: Problems to get Nginx log into rsyslog - (Mode 'edit_topic')

noreply at adiscon.com noreply at adiscon.com
Thu Jun 23 08:56:38 CEST 2016 

User: doca 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26654#p26654

Message: 
----------
Hello,
i'm playing around with nginx and rsyslog. My desired solution would be to
get nginx log all access logs directly in rsyslog (on the same server).
When i got this running i want to make rsyslog write into kafka.

But because i'm not so much familiar with admin services and i spend now
half a day trying to get nginx to write to rsyslog with no success i would
really appreciate some help.
On my ubuntu server i run nginx 1.10.1 with rsyslogd 8.19.0. 
Taken from
[url:2iaojsis]http://nginx.org/en/docs/syslog.html[/url:2iaojsis]
i configured nginx like this:
[code:2iaojsis]
server{
        ssl on;
        ssl_certificate /etc/nginx/conf/url_bundle.crt;
        ssl_certificate_key /etc/nginx/conf/url.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers
ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL;
        server_name someurl.com;
        add_header Cache-Control no-cache;
        listen   443 ssl;
        access_log
syslog:server=unix:/var/log/nginx.sock,facility=local7,tag=nginx,severity=info
combined;
        location = /crossdomain.xml {
                root /var/www/crossdomain/;
            }
        location / {
                try_files $uri /index.html;
                add_header Access-Control-Allow-Origin *;
                root /usr/share/nginx/html;
                index index.html index.htm;
                }
}
[/code:2iaojsis]

My rsyslog.conf looks like this. Because i read that data loss with tcp is
lower i wanted to use tcp.
[code:2iaojsis]
#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by
rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog
[/code:2iaojsis]

But all i can see in syslog.log is other stuff than my nginx stuff.

Do you have an idea what i did wrong?
Thanks
doca

More information about the rsyslog-notify mailing list