Friday, May 13, 2016

nginx prepending data to access log when using syslog



Using the below format and access log config:




log_format syslog '{"hi2u":true,"request_time":"$request_time","@timestamp":"$time_iso8601", "request_id":"$http_x_request_id", "token":"$token"}';

access_log syslog:server=localhost:9000 syslog;


I get this message on port 9000 when using netcat:




<190>Aug 29 06:17:03 user-all-series nginx: {"hi2u":true,"request_time":"0.000","@timestamp":"2017-08-29T06:17:03-07:00", "request_id":"-", "token":"abcdef123456789"}




If I look in the nginx source I see what looks like the header being added here:



https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_log_module.c#L360



Anyone know a way to disable the header there so just the log_format shows up? I imagine it's probably just a syslog format in the spec of which I'm ignorant :)



I commented out that line and it's the behavior I expect :)




if (log[l].syslog_peer) {
// p = ngx_syslog_add_header(log[l].syslog_peer, line);
}

Answer



Another one courtesy of Alexy. Adding it here so that folks see it:



That is the PRI part of the syslog protocol: tools.ietf.org/html/rfc3164#section-4.1.1
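
Rather than patching nginx, the receiver can strip the RFC 3164 header and decode the PRI value itself. The following is an added example, not code from the original post or from nginx; the function name `parse_nginx_syslog` and the sample datagram are constructed for illustration, modelled on the message shown in the question.

```python
import json
import re

# RFC 3164 layout as seen in the sample above: <PRI>TIMESTAMP HOSTNAME TAG: MSG
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s\[]+)(?:\[\d+\])?: ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)

def parse_nginx_syslog(datagram: bytes) -> dict:
    """Split an RFC 3164 datagram into header fields and the JSON payload."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = _RFC3164.match(text)
    if m is None:
        raise ValueError("not an RFC 3164 message")
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    return {
        "facility": pri >> 3,  # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "event": json.loads(m.group("msg")),  # raises on a non-JSON payload
    }

# Constructed sample, modelled on the message shown in the question.
SAMPLE = (b'<190>Aug 29 06:17:03 user-all-series nginx: '
          b'{"hi2u":true,"request_time":"0.000",'
          b'"@timestamp":"2017-08-29T06:17:03-07:00", '
          b'"request_id":"-", "token":"abcdef123456789"}')

if __name__ == "__main__":
    rec = parse_nginx_syslog(SAMPLE)
    # <190> decodes to facility 23 (local7), severity 6 (informational)
    print(rec["facility"], rec["severity"], rec["event"]["token"])
```

The log_format in the question does not set `escape=json`, so a request header containing a double quote is written with nginx's default `\xXX` escaping and `json.loads` will reject the payload; handle that error instead of dropping the event silently.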

