Configure Nginx to send logs to Rsyslog

RSYSLOG is the rocket-fast system for log processing. It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output to the results to diverse destinations.

Since version 1.7.1, nginx is capable of direct logging to syslog.

error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx,severity=error;
access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx,severity=info main;

For older versions of nginx, we need to manually configure Rsyslog to log nginx logs.

Step1: Open the rsyslog config file

#vi /etc/rsyslog.conf

Step2: Add the following line before the line $IncludeConfig /etc/rsyslog.d/*.conf

$ModLoad imfile

Step3: Create a new file for nginx rsyslog configuration

#vi /etc/rsyslog.d/nginx.conf

Step4: Update the following lines.

# error log
$InputFileName /var/log/nginx/error.log
$InputFileTag nginx:
$InputFileStateFile stat-nginx-error
$InputFileSeverity error
$InputFileFacility local6
$InputFilePollInterval 1
$InputRunFileMonitor

# access log
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx:
$InputFileStateFile stat-nginx-access
$InputFileSeverity notice
$InputFileFacility local6
$InputFilePollInterval 1
$InputRunFileMonitor

Step5: Restart rsyslog service

#service rsyslog restart