In that case you should read through the blog post to define the destination of where to send the logs. https://www.syslog-ng.com/community/b/blog/posts/bulk-mode-message-sending-t... Your source definition is fine, however your "log" definition will need to include the "destination" that you define with the help of the above blog post. Evan. On 12/30/18 12:54 AM, Jason Long wrote:
Thank you, but I want to send " /var/log/nginx" and need properly configuration.
On Saturday, December 29, 2018, 6:42:58 PM GMT+3:30, Evan Rempel wrote:
If at all possible you should have the application (nginx in this case) to log directly to syslog if it can. nginx can do this with the caveat that you will no longer have files of logs. You should have syslog write the logs to a file.
See document at http://nginx.org/en/docs/syslog.html
The the nginx logs will show up in /var/log/XXXX depending on which log files your syslog daemon is configured to write. (syslog, messages etc.)
Evan.
On 12/29/18 4:32 AM, Jason Long wrote: Hello. I want to send Nginx log via syslog-ng to a server that Elasticsearch and Kibana installed on it. I'm a beginner and searched in Google but can't find a good tutorial. I want to know on Nginx server with syslog-ng installed is below config enough?
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); bad_hostname("^gconfd$"); }; source s_myfile { file("/var/log/nginx/access.log" follow_freq(1) flags(no-parse)); }; log { source(s_myfile); };
I'm thankful if anyone share advice.
Thank you.