well the problem is not only with formatting, formatting is just and inconvenience that I managed to work around already, my main problem is to catch nginx logs only. my rsyslog config will parse every syslog message, everyone that writes to syslog will send messages, I only need the ones coming from nginx, actually I even need to tell apart the error from access since they have diferent formatting
On Tue, Nov 10, 2015 at 7:47 PM, B.R. <[email protected]> wrote: > Vladimir already provided a plan B in his a) point. :oP > > --- > *B. R.* > > On Tue, Nov 10, 2015 at 10:43 AM, Avraham Serour <[email protected]> > wrote: > >> Well nohostname seems to be what I need, but 1.9.7 is even newer than >> mainline (currently 1.9.6), my manager won't let me deploy anything but >> stable on production >> So unless 1.9.7 gets tagged as stable soon it seems I will need a >> workaorund >> >> Thanks >> Avraham >> >> On Tue, Nov 10, 2015 at 11:23 AM, Vladimir Homutov <[email protected]> wrote: >> >>> On Tue, Nov 10, 2015 at 11:08:44AM +0200, Avraham Serour wrote: >>> > Hi, >>> > >>> > I have an ubuntu machine and installed nginx stable using the ppa >>> (1.9.3) >>> > >>> > In my conf I'm sending the logs to syslog: >>> > >>> > access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json; >>> > error_log syslog:server=unix:/dev/log,tag=nginx,severity=error; >>> > >>> > then I'm using rsyslog to ship my logs to my logstash server. >>> > >>> > My problem is that it seems nginx does't properly tag the messages, I >>> > should be able to filter nginx messages in my rsyslog conf using: >>> > >>> > if $programname == 'nginx' then { >>> > >>> > but it seems $programname is my hostname, the tag is added to the >>> message >>> > body >>> >>> This happens because nginx uses remote syslog message format, which >>> includes hostname. To use it with local syslog daemon you have two >>> options: >>> >>> a) tell your syslog daemon that there is a hostname in a message coming >>> from nginx >>> >>> b) tell nginx to not send hostname, using the 'nohostname' option, added >>> recently in 1.9.7 (http://nginx.org/en/docs/syslog.html) >>> >>> > >>> > This creates two problems: now I need to workaround to filter nginx >>> > messages and my message body format is messed up, my beautifully json >>> > format is now not a valid json and I need to further manipulate it. >>> > >>> > I was able to work around this for the access logs, my filter is now: >>> > if $msg contains 'lenginx_access' then { >>> > and I am using the substring to remove the prefix >>> > >>> > But I wasn't able to accomplish this for the error logs, it seems I >>> can't >>> > use a custom format for the error logs >>> > >>> > So any way of custom formatting my error logs to output json? >>> > How can I tell nginx to properly tag the messages? >>> > >>> > btw, upon registering to this mailing list I got a confirmation email >>> with >>> > my password, really?? >>> > >>> > Avraham >>> >>> _______________________________________________ >>> nginx mailing list >>> [email protected] >>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >> >> >> _______________________________________________ >> nginx mailing list >> [email protected] >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
