1

Nginx adds logging to syslog feature in version 1.7.1.

I can only get the version 1.6.2 from ppa:nginx/stable, or the version 1.4.6 from the default Ubuntu package sources.

I have a common log (rsyslog) server which collects data from a few dozen servers. rsyslog is already configured on every machine to propagate logs to either the primary log machine or the failover, if the primary is down.

What are my options for getting Nginx logs to local syslog (which then be sent to remote server by rsyslog)?

Note: while answers related directly to Nginx logging are welcome, I'm also looking for general answers which would apply to any application (thus the lack of tag for this question). The reason is that I haven't migrated all the applications to syslog yet, and I expect other apps to cause similar problems.

Important notes related to the accepted answer:

  1. While inotify is available since the beta version of rsyslog 5.9.6, April 12th, 2012, it is otherwise supported only since January 24th, 2014 in rsyslog 8.1.5.

    This requires using ppa:adiscon/v8-stable in Ubuntu, since the latest Ubuntu distribution at the moment of writing (14.04 LTS) is using rsyslog 7.4.4.

  2. inotify mode is specified in module(), not input():

    module(load="imfile" mode="inotify")

    With inotify, PollingInterval doesn't have to be specified.

  3. When the configuration is incorrect, rsyslog doesn't log anything to /var/log/syslog. In order to inspect what's wrong, the command rsyslogd -N1 appears to be very helpful. Obviously, ps -A | grep rsyslog helps too in order to find whether rsyslog is running.

    The current rsyslog version can be obtained by executing rsyslogd -version.

  4. ReadMode in input() should be set to zero.

  5. The module() and input() configuration “should be placed on top of the rsyslog.conf file”.

  6. It seems that rsyslog hates Nginx. It doesn't matter what owner, group or permissions are set on /var/log/nginx/ or /var/log/nginx/access.log, the file changes are ignored (without any error whatsoever). The same happens for any other file created in /var/log/nginx/ directory.

    When files are created in a different directory, such as /home/demo/ or /var/log/, changes are reflected in syslog as expected.

Improve this question
2
  • Like a script/process to read nginx's logs every 1/5/10 minutes and append new lines into syslog? Commented Jan 16, 2015 at 1:31
  • @Xen2050: I was rather looking for something which will stream the log entries directly to the log server. Commented Jan 19, 2015 at 11:34

1 Answer 1

Reset to default
1

I'm assuming that you have rsyslog running on the local machine and that it's forwarding logs to your remote log server.

From the rsyslog documentation, it looks like you can define an input module to do exactly what you are wanting. I saw details of it here:

http://www.rsyslog.com/doc/master/configuration/modules/imfile.html

It even provides some nifty examples.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.