Syslog-ng?

Server NGINX
1

Hi all.

I am currently deploying an evnironment with nginx webservers. I would
like
to store logs centrally with syslog-ng. I would like to make it as
efficient as it can be, I’ve found two “howtos”:
http://pastebin.com/PCYtve9s
http://grokbase.com/t/centos/centos/113ryagfqe/remote-logging-nginx-or-other-non-syslog-enabled-stuff
(Ilyas’s
responses)
which use fifos.

What do you think about using fifos? Is it more efficient than logging
to/through a file? What about sockets? Are there any other alternatives?
What are your experiences?

Best regards,
Rafal.

2

On 11/27/12 16:57, Rafał Radecki wrote:

are your experiences?
Writing logs from nginx to fifo is bad idea.

If you need efficient logging on loaded server write log to file.

  1. file can be rotated as often as need, and moved to dir accessible by
    rsync.
  2. files from this dir can be rsync-ed to central server.

If your need near-real time logs on central server (several minutes lag
is not
acceptable) try add something like this to syslog-nd config:

source nginx_access { program(“tail -F -n0 /var/log/nginx/access.log”);
};

But it will be less efficient and less reliable - some messages can be
lost at
syslog-ng restarts, central log server reboot e. t. c.


Anton Y.

3

You can try Nginx udplog module (v 1.0.0) (no idea if
that
still compiles with the newer nginx versions).

You might also contact Valery K. directly - he has written few
new
modules http://www.nginxguts.com/2012/08/better-logging-for-nginx/ (then
again those links provided are broken atm so not sure about the status
of
those).

rr

4

Why is logging to fifo a bad idea?

Best regards,
Rafal.

2012/11/27 Anton Y. [email protected]

5

On 11/27/12 17:39, Rafał Radecki wrote:

Why is logging to fifo a bad idea?

  1. If syslog-ng will stop to read data from fifo by some reason (or if
    syslog-ng
    will be terminated), nginx will be blocked on writing to log and will
    stop to
    respond to requests. So it is unreliable.

  2. Ewen when syslog-ng work, this add unpredictable delays to nginx
    request
    processing, when nginx writes log faster, than syslog-ng can read at
    this moment.


Anton Y.

6

Hi !
On 11/27/12 14:30, Reinis R. wrote:

You can try Nginx udplog module (v 1.0.0) (no idea if
that still compiles with the newer nginx versions).

You might also contact Valery K. directly - he has written few
new modules http://www.nginxguts.com/2012/08/better-logging-for-nginx/
(then again those links provided are broken atm so not sure about the
status of those).

I use this kind of things with a central syslog-ng server.

I have modified a bit the ngx_udplogger to my own setup.

You can find the source here :
https://redmine.oav.net/projects/openvisp/repository/revisions/master/show/ngx_udplogger2

(and it compiles with recent nginx).

Regards,
Xavier