How to Configure Nginx to Send Logs to Remote Syslog Server via TCP Port


Nginx provides native support for sending logs to syslog servers through its error_log and access_log directives. While the documentation mentions basic syslog functionality, it doesn't explicitly cover TCP port configuration - a common requirement in enterprise environments where UDP isn't acceptable for log transmission.

By default, when you specify:

error_log syslog:server=192.168.1.1:3000;
access_log syslog:server=192.168.1.1:3000 combined;

Nginx will attempt to use UDP port 3000. This behavior persists even when you explicitly specify a port number.

To force TCP transport, you need to use the syslog parameter with the tcp option:

error_log syslog:server=192.168.1.1:3000,tcp;
access_log syslog:server=192.168.1.1:3000,tcp combined;

The ,tcp suffix is crucial - it tells Nginx to establish a TCP connection rather than using UDP datagrams.

Here's a full example showing both error and access logs configured for TCP syslog:

http {
    # Error logs to TCP syslog
    error_log syslog:server=logs.example.com:6514,tcp debug;
    
    # Access logs to TCP syslog with custom format
    log_format syslog_format '$remote_addr - $remote_user [$time_local] '
                            '"$request" $status $body_bytes_sent '
                            '"$http_referer" "$http_user_agent"';
    
    access_log syslog:server=logs.example.com:6514,tcp,facility=local7 syslog_format;
    
    server {
        listen 80;
        server_name example.com;
        
        location / {
            root /var/www/html;
        }
    }
}

You can enhance your syslog configuration with these parameters:

  • facility=: Sets the syslog facility (default: local7)
  • severity=: Defines log level (debug, info, notice, etc.)
  • tag=: Adds a custom tag to log messages

Example with all options:

access_log syslog:server=192.168.1.1:514,tcp,facility=local5,tag=nginx_access,severity=info combined;

After applying changes, verify your configuration:

  1. Check Nginx syntax: nginx -t
  2. Reload Nginx: systemctl reload nginx
  3. Monitor your syslog server for incoming TCP connections

If logs aren't appearing on your syslog server:

  • Verify network connectivity between servers
  • Check firewall rules for the TCP port
  • Test with nc or telnet to confirm the syslog server is listening
  • Increase Nginx log level temporarily for debugging

When using TCP syslog:

  • TCP adds overhead compared to UDP - consider impact on high-traffic servers
  • Network issues may cause connection retries or buffering
  • For critical systems, implement local log buffering as a fallback
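To confirm on the collector side that the facility=, severity= and tag= values from the configuration above actually took effect (verification step 3), and to cope with the TCP buffering noted just above, here is an added Python example that is not part of the original post: it decodes the PRI header of BSD-style syslog lines as Nginx emits them and splits a TCP receive buffer on newlines so a message that spans two recv() calls is carried over rather than truncated. The sample lines are constructed for this example, not captured from a real server.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# PRI = facility * 8 + severity (RFC 3164). Facility codes 16..23 are local0..local7.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style header as Nginx writes it: "<PRI>Mmm dd hh:mm:ss hostname tag: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$"
)

@dataclass
class SyslogRecord:
    facility: str
    severity: str
    host: str
    tag: str
    message: str

def parse_syslog_line(line: str) -> SyslogRecord:
    """Decode one syslog line into facility, severity, host, tag and message."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not a BSD syslog line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI out of range: {pri}")
    facility = FACILITIES.get(pri >> 3, f"facility{pri >> 3}")
    return SyslogRecord(facility, SEVERITIES[pri & 7], m["host"], m["tag"], m["msg"])

def split_frames(buf: bytes) -> tuple[list[str], bytes]:
    """Split a TCP receive buffer into complete newline-terminated messages.
    The trailing partial message is returned so the caller can prepend it to
    the next recv() chunk instead of dropping or truncating it."""
    *complete, rest = buf.split(b"\n")
    return [c.decode("utf-8", "replace") for c in complete], rest

def summarize(lines: list[str]) -> Counter:
    """Count messages per (facility, severity, tag): a quick check that the
    syslog parameters in nginx.conf match what the collector receives."""
    return Counter((r.facility, r.severity, r.tag) for r in map(parse_syslog_line, lines))

# Constructed sample stream: an access-log line sent with
# facility=local7,tag=nginx_access,severity=info (PRI 190), an error-log line
# at [error] level (PRI 187), and a partial line still in flight.
SAMPLE_STREAM = (
    b'<190>Oct 12 14:03:11 web01 nginx_access: 203.0.113.5 - - [12/Oct/2024:14:03:11 +0000] '
    b'"GET / HTTP/1.1" 200 612 "-" "curl/8.4.0"\n'
    b'<187>Oct 12 14:03:12 web01 nginx_error: 2024/10/12 14:03:12 [error] 1234#0: *1 '
    b'open() "/var/www/html/missing" failed (2: No such file or directory)\n'
    b'<174>Oct 12 14:03:13 web01 nginx_acc'
)
```

Feed each chunk read from the accepted TCP socket through split_frames, keeping the returned remainder as the prefix for the next chunk, then pass the complete lines to summarize.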

Nginx's built-in syslog functionality allows you to redirect both access and error logs to a remote syslog server. The basic syntax is straightforward:

error_log syslog:server=192.168.1.1;
access_log syslog:server=192.168.1.1 combined;

By default, Nginx uses UDP port 514 for syslog communication. However, many production environments require TCP transport for reliability.

When attempting to specify a TCP port, many administrators try the intuitive approach:

error_log syslog:server=192.168.1.1:3000;

This doesn't work because Nginx still defaults to UDP even when specifying a custom port. The solution requires explicit protocol declaration.

To force TCP transport, you need to add the transport parameter:

error_log syslog:server=192.168.1.1:3000,tcp;
access_log syslog:server=192.168.1.1:3000,tcp combined;

Key parameters to note:

  • server: IP or hostname of your syslog server
  • :3000: Custom TCP port (replace with your desired port)
  • tcp: Explicit protocol specification

For enterprise environments, you might want additional control:

error_log syslog:server=192.168.1.1:3000,tcp,facility=local7,tag=nginx_error,severity=error;
access_log syslog:server=192.168.1.1:3000,tcp,facility=local7,tag=nginx_access combined;

Available parameters include:

  • facility: Syslog facility (default: local7)
  • tag: Prefix for log messages
  • severity: Minimum severity level for error logs

After making changes:

  1. Test configuration: nginx -t
  2. Reload Nginx: nginx -s reload
  3. Check syslog server for incoming messages

If logs aren't appearing:

  • Verify network connectivity between servers
  • Check firewall rules for the TCP port
  • Ensure syslog server is configured to listen on TCP
  • Inspect Nginx error log for configuration issues