syslog has facilities to allow you sending messages from different sources to different destinations.
That being rsyslog-related, I suggest you read some 101 books on this topic. It seems all the help about nginx you could grab from this ML has already been provided. --- *B. R.* On Wed, Nov 11, 2015 at 11:15 AM, Avraham Serour <[email protected]> wrote: > well the problem is not only with formatting, formatting is just and > inconvenience that I managed to work around already, my main problem is to > catch nginx logs only. > my rsyslog config will parse every syslog message, everyone that writes to > syslog will send messages, I only need the ones coming from nginx, actually > I even need to tell apart the error from access since they have diferent > formatting > > On Tue, Nov 10, 2015 at 7:47 PM, B.R. <[email protected]> wrote: > >> Vladimir already provided a plan B in his a) point. :oP >> >> --- >> *B. R.* >> >> On Tue, Nov 10, 2015 at 10:43 AM, Avraham Serour <[email protected]> >> wrote: >> >>> Well nohostname seems to be what I need, but 1.9.7 is even newer than >>> mainline (currently 1.9.6), my manager won't let me deploy anything but >>> stable on production >>> So unless 1.9.7 gets tagged as stable soon it seems I will need a >>> workaorund >>> >>> Thanks >>> Avraham >>> >>> On Tue, Nov 10, 2015 at 11:23 AM, Vladimir Homutov <[email protected]> wrote: >>> >>>> On Tue, Nov 10, 2015 at 11:08:44AM +0200, Avraham Serour wrote: >>>> > Hi, >>>> > >>>> > I have an ubuntu machine and installed nginx stable using the ppa >>>> (1.9.3) >>>> > >>>> > In my conf I'm sending the logs to syslog: >>>> > >>>> > access_log syslog:server=unix:/dev/log,tag=lenginx_access le_json; >>>> > error_log syslog:server=unix:/dev/log,tag=nginx,severity=error; >>>> > >>>> > then I'm using rsyslog to ship my logs to my logstash server. >>>> > >>>> > My problem is that it seems nginx does't properly tag the messages, I >>>> > should be able to filter nginx messages in my rsyslog conf using: >>>> > >>>> > if $programname == 'nginx' then { >>>> > >>>> > but it seems $programname is my hostname, the tag is added to the >>>> message >>>> > body >>>> >>>> This happens because nginx uses remote syslog message format, which >>>> includes hostname. To use it with local syslog daemon you have two >>>> options: >>>> >>>> a) tell your syslog daemon that there is a hostname in a message coming >>>> from nginx >>>> >>>> b) tell nginx to not send hostname, using the 'nohostname' option, added >>>> recently in 1.9.7 (http://nginx.org/en/docs/syslog.html) >>>> >>>> > >>>> > This creates two problems: now I need to workaround to filter nginx >>>> > messages and my message body format is messed up, my beautifully json >>>> > format is now not a valid json and I need to further manipulate it. >>>> > >>>> > I was able to work around this for the access logs, my filter is now: >>>> > if $msg contains 'lenginx_access' then { >>>> > and I am using the substring to remove the prefix >>>> > >>>> > But I wasn't able to accomplish this for the error logs, it seems I >>>> can't >>>> > use a custom format for the error logs >>>> > >>>> > So any way of custom formatting my error logs to output json? >>>> > How can I tell nginx to properly tag the messages? >>>> > >>>> > btw, upon registering to this mailing list I got a confirmation email >>>> with >>>> > my password, really?? >>>> > >>>> > Avraham >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> [email protected] >>>> http://mailman.nginx.org/mailman/listinfo/nginx >>>> >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> [email protected] >>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >> >> >> _______________________________________________ >> nginx mailing list >> [email protected] >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
