nginx配置日志发送给syslog服务器

2024-07-12 00:01| 来源: 网络整理| 查看: 265

需求描述

网站服务器用的nginx默认是把日志保存在本地的/var/log/nginx/access.log和/var/log/nginx/error.log, 想要同时输出给syslog日志服务器

配置方法

修改/etc/nginx/nginx.conf配置文件, 除了原有的配置以外, 在相应位置分别重复添加两行配置就行:

user nginx; worker_processes 1; # 这是原来的配置, 记录错误日志到本地文件 error_log /var/log/nginx/error.log warn; # 增加这一行同时记录错误日志到syslog服务器10.41.56.42上, syslog默认端口514 error_log syslog:server=10.41.56.42:514,facility=local7,tag=nginx_client,severity=error; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # 这是原来的配置, 记录访问日志到本地文件 access_log /var/log/nginx/access.log main; # 增加这一行同时记录访问日志到syslog服务器10.41.56.42上, syslog默认端口514 access_log syslog:server=10.41.56.42:514,facility=local7,tag=nginx_client,severity=info; sendfile on; #tcp_nopush on; keepalive_timeout 65; include /etc/nginx/conf.d/*.conf; }

修改完配置后重启一下nginx

$ sudo nginx -s reload nginx官方文档上对syslog日志部分设置的说明

server=address syslog服务器地址

Defines the address of a syslog server. The address can be specified as a domain name or IP address, with an optional port, or as a UNIX-domain socket path specified after the “unix:” prefix. If port is not specified, the UDP port 514 is used. If a domain name resolves to several IP addresses, the first resolved address is used.

facility=string 发送给syslog需要提供的机构名称, 用默认的local7就行, 懒得去看RFC 3164了

Sets facility of syslog messages, as defined in RFC 3164. Facility can be one of “kern”, “user”, “mail”, “daemon”, “auth”, “intern”, “lpr”, “news”, “uucp”, “clock”, “authpriv”, “ftp”, “ntp”, “audit”, “alert”, “cron”, “local0”…“local7”. Default is “local7”.

severity=string 事件级别/类型

Sets severity of syslog messages for access_log, as defined in RFC 3164. Possible values are the same as for the second parameter (level) of the error_log directive. Default is “info”. Severity of error messages is determined by nginx, thus the parameter is ignored in the error_log directive.

tag=string 标签

Sets the tag of syslog messages. Default is “nginx”.

nohostname

Disables adding the “hostname” field into the syslog message header (1.9.7).

Example syslog configuration:

error_log syslog:server=192.168.1.1 debug; access_log syslog:server=unix:/var/log/nginx.sock,nohostname; access_log syslog:server=[2001:db8::1]:12345,facility=local7,tag=nginx,severity=info combined;

【本文地址】

公司简介

联系我们