Help us understand the problem. What is going on with this article?

Nginxのログをrsyslogで転送する

More than 5 years have passed since last update.

はじめに

nginxのログをrsyslogで転送する方法を記載します。

nginx1.7.1からaccess_log及びerror_logディレクティブがsyslogをサポートするようになったようです。

CHANGES

Changes with nginx 1.7.1 > 27 May 2014

*) Feature: the "error_log" and "access_log" directives now > support
   logging to syslog.

環境

  • Amazon Linux AMI release 2014.03
  • nginx 1.7.4
  • rsyslog 5.8.10

nginxのインストール

必要なパッケージをインストールします。

$ sudo yum install gcc make pcre-devel zlib-devel openssl-devel
$ wget http://nginx.org/download/nginx-1.7.4.tar.gz
$ tar zxvf nginx-1.7.4.tar.gz
$ cd nginx-1.7.4
$ ./configure

...(省略)...

Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ md5: using system crypto library
+ sha1: using system crypto library
+ using system zlib library

nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

$ make
$ sudo make install

syslog転送の設定

nginxのアクセスログを local5info レベルで出力します。

/usr/local/nginx/conf/nginx.conf
http {

...(省略)...

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  syslog:server=127.0.0.1,facility=local5,severity=info  main;

...(省略)...

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none;local5.none                /var/log/messages

}

nginxのログが/var/log/messagesに記録されないように、 「local5.none」 を追加しておきます。

rsyslogの受信設定

nginxのアクセスログを/var/log/nginx_access_logへ出力するように設定します。

/etc/rsyslog.conf
#Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

$AllowedSender UDP, 127.0.0.1
/etc/rsyslog.d/nginx.conf
local5.info    /var/log/nginx_access_log

設定を反映するため、rsyslogを再起動します。

$ sudo /etc/init.d/rsyslog restart

動作確認

nginxを起動します。

$ sudo /usr/local/nginx/sbin/nginx

indexページへアクセスします。

$ curl -I http://127.0.0.1/
HTTP/1.1 200 OK
Server: nginx/1.7.4
Date: Thu, 28 Aug 2014 14:58:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 28 Aug 2014 14:08:10 GMT
Connection: keep-alive
ETag: "53ff37ca-264"
Accept-Ranges: bytes

-Iオプションをつけて、ヘッダーのみ出力しています。

アクセスログの出力を確認します。

/var/log/nginx_access_log
Aug 28 14:58:27 ip-10-250-0-21 nginx: 127.0.0.1 - - [28/Aug/2014:14:58:27 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.36.0" "-"

参考

Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
No comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
ユーザーは見つかりませんでした