NGINX

NGINX configuration

Put the following configuration in your nginx.conf or a virtualhost-specific configuration file.

access_log syslog:server=unix:/opt/logman.io/syslog-ng/var/nginx_access_log;
error_log syslog:server=unix:/dev/log,nohostname info;

Note that the nohostname flag must be set in the error_log directive to ensure the correct log line format.

Syslog-ng configuration

Nginx errors are logged in RFC 3164 format to /dev/log, which means that no additional configuration is needed for them. However, a parser for the access log must be created in the syslog-ng configuration.

First configure the source:

source s_nginx_al {
    unix-dgram("/opt/logman.io/syslog-ng/var/nginx_access_log");
};

Then add the access log parser:

parser p_accesslog {
    csv-parser(
        dialect(escape-double-char)
        flags(strip-whitespace)
        delimiters(" ")
        template("${MESSAGE}")
        quote-pairs('""[]')
        columns(
            "lm.P",
            "lm.al.i", # Client IP
            "lm.al.I", # Ident
            "lm.al.a", # Auth
            ".TMP.TSTAMP",
            "MESSAGE",
            "lm.al.c", # Response code
            "lm.al.b", # Bytes
            "lm.al.r", # Referrer
            "lm.al.A" # Agent
        )
    );
    csv-parser(
        template("${MESSAGE}")
        delimiters(" ")
        dialect(escape-none)
        flags(strip-whitespace)
        columns(
            "lm.al.m", # Method
            "lm.al.p", # Request path
            "lm.al.v"  # HTTP version
        )
    );
    date-parser(format("%d/%b/%Y:%H:%M:%S %z"), template("${.TMP.TSTAMP}"));
    map-value-pairs(
            pair("lm.T" "a") # Access Log
            pair("lm.H" "$HOST")
            pair("lm.t" "$S_UNIXTIME")
    );
};

Finally, create a log configuration that reads from the created source, applies the parser, and sends the result to its destination.

log {
        source(s_nginx_al);
        parser(p_accesslog);
        destination(d_amqp);
};
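
To check offline which part of an access log line lands in which column, the following added Python sketch (not part of the original page or of syslog-ng) approximates the two-stage split of p_accesslog on a constructed line. It ignores the dialect's escape handling, and the leading token in the lm.P position is an assumption, since the page does not say what that column carries.

```python
from datetime import datetime

# Column names copied from the p_accesslog parser on this page.
COLUMNS = ["lm.P", "lm.al.i", "lm.al.I", "lm.al.a", ".TMP.TSTAMP",
           "MESSAGE", "lm.al.c", "lm.al.b", "lm.al.r", "lm.al.A"]
REQUEST_COLUMNS = ["lm.al.m", "lm.al.p", "lm.al.v"]
QUOTE_PAIRS = {'"': '"', "[": "]"}   # quote-pairs('""[]')


def split_fields(line):
    """Split on spaces, keeping text inside "" or [] together (no escape handling)."""
    fields, buf, closer, quoted = [], [], None, False
    for ch in line:
        if closer:                       # inside a quoted field
            if ch == closer:
                closer = None
            else:
                buf.append(ch)
        elif ch in QUOTE_PAIRS and not buf:
            closer, quoted = QUOTE_PAIRS[ch], True
        elif ch == " ":
            if buf or quoted:            # keep empty quoted fields such as ""
                fields.append("".join(buf))
            buf, quoted = [], False
        else:
            buf.append(ch)
    if buf or quoted:
        fields.append("".join(buf))
    return fields


def parse_access_line(line):
    rec = dict(zip(COLUMNS, split_fields(line)))
    # Second stage: the request line is split on plain spaces, no quoting.
    rec.update(zip(REQUEST_COLUMNS, rec.get("MESSAGE", "").split()))
    ts = datetime.strptime(rec.pop(".TMP.TSTAMP"), "%d/%b/%Y:%H:%M:%S %z")
    rec["lm.t"] = int(ts.timestamp())    # the page maps lm.t to $S_UNIXTIME
    rec["lm.T"] = "a"                    # access-log marker from map-value-pairs
    return rec


# Constructed sample line; the leading "-" stands in for the lm.P column (assumption).
SAMPLE = ('- 203.0.113.7 - alice [10/Oct/2023:13:55:36 +0000] '
          '"GET /login?next=/admin HTTP/1.1" 401 512 "-" "curl/8.4.0"')

if __name__ == "__main__":
    for k, v in parse_access_line(SAMPLE).items():
        print(f"{k} = {v}")
```

In this sketch a request line with fewer than three space-separated tokens leaves the path and version columns unset, so downstream consumers of lm.al.p and lm.al.v should tolerate missing values.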