Logging is incredibly useful, but in certain environments, it can be challenging to manage effectively. One key issue is the volume of data being recorded, which can quickly balloon file sizes and storage requirements. Compliance policies around data retention only add to the complexity, driving up the need for larger disks and higher storage costs. To mitigate these concerns, many production deployments choose to offload logs to centralized logging platforms.
NGINX is no exception. It offers a built-in integration with syslog, enabling administrators to forward logs directly from NGINX to a remote logging server.
Setting Up Remote Logging with NGINX
Building upon our previous guide, Guide to NGINX Logs, let’s revisit the NGINX configuration file to adjust logging directives. Here, we’ll use the syslog: prefix with the error_log and access_log directives to push logs to a remote server.
For instance, if you’re using Trunc as your logging platform, your NGINX configuration might look like this:
```nginx
error_log syslog:server=[IP]:[PORT] debug;
access_log syslog:server=[IP]:[PORT],facility=local7,tag=nginx,severity=info;
```
Before Trunc knows which logs to collect, you must tell it where they are coming from. You do this in the Trunc dashboard, under Settings.
Configuring Syslog Options in NGINX
Note that the configuration for error_log and access_log differs slightly, and there are various parameters you can adjust with the syslog: prefix:
Parameter | Description |
---|---|
server= | Can be a domain name, an IP address, or a UNIX-domain socket path. |
: | Specify a custom port (default is 514) for logging, assuming UDP. |
unix: | Use a UNIX-domain socket path instead of an IP address. |
The error_log directive allows limited configuration for log levels (see our Guide to NGINX Logs for details). The access_log directive, however, provides additional options:
Parameter | Description |
---|---|
facility= | Defines the type of program generating the logs (default is local7). Options include auth, daemon, cron, syslog, user, etc. |
tag= | Applies a custom tag to syslog messages (e.g., nginx). |
severity= | Sets the severity level for syslog messages. Levels include debug, info, warn, error (default), crit, alert, and emerg. The specified level also logs all more severe levels. |
In our example, setting the severity to error will include logs at crit, alert, and emerg levels as well.
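To confirm on the receiving side that datagrams carry the facility, tag and severity set on the access_log line above, the following added example (not part of the original guide or of Trunc) decodes the syslog PRI value and tag from a message. It assumes the classic RFC 3164 layout (`<PRI>timestamp host tag: message`); the sample datagrams, host name and function names are constructed for illustration.

```python
import re

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message  (the pid part is optional)
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$",
    re.DOTALL)

def parse(datagram: bytes) -> dict:
    """Decode one syslog datagram; raise ValueError if it is malformed."""
    m = LINE.match(datagram.decode("utf-8", errors="replace").rstrip("\n"))
    if not m:
        raise ValueError("not an RFC 3164 message")
    # PRI = facility * 8 + severity, so local7 (23) + info (6) gives 190.
    facility, severity = divmod(int(m["pri"]), 8)
    if facility >= len(FACILITIES):
        raise ValueError("PRI out of range")
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "host": m["host"], "tag": m["tag"], "message": m["msg"]}

def matches_config(rec: dict, facility="local7", tag="nginx", severity="info") -> bool:
    """True when a record carries the values set on the access_log line."""
    return (rec["facility"], rec["tag"], rec["severity"]) == (facility, tag, severity)

# Constructed sample datagrams (not captured from a real server).
SAMPLE_OK = (b'<190>Oct 11 22:14:15 web01 nginx: 203.0.113.7 - - '
             b'[11/Oct/2024:22:14:15 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"')
SAMPLE_OTHER = b'<38>Oct 11 22:14:16 web01 sshd[812]: Accepted publickey for deploy'

if __name__ == "__main__":
    for raw in (SAMPLE_OK, SAMPLE_OTHER):
        rec = parse(raw)
        print(rec["facility"], rec["severity"], rec["tag"], matches_config(rec))
```

Because the default transport is UDP, a datagram's facility and tag are whatever the sender wrote, so a check like this confirms configuration rather than authenticating the source.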
By configuring NGINX to use a remote logging server, you can streamline your logging infrastructure, reduce storage costs, and simplify compliance management.