nginx logs to syslog - connection refused
13,746
nginx is trying to send your logs via a network port but your rsyslog configuration does not allow for syslog reception.
You will need to configure rsyslog to accept syslog messages by uncommenting either the UDP or TCP syslog reception configuration. nginx likely defaults to UDP so I would suggest starting there.
Don't forget to allow syslog through any firewalls you may have configured.
Related videos on Youtube
Author by
Jan Langer
Updated on September 18, 2022Comments
-
Jan Langer almost 2 years
I'm trying to setup nginx 1.7.3 to send logs to syslog, but when I this configuration:
server { access_log syslog:server=localhost; }
this shows up in nginx's error log:
2015/01/15 21:42:47 [error] 16776#0: send() failed (111: Connection refused) 2015/01/15 21:42:48 [error] 16776#0: send() failed (111: Connection refused) 2015/01/15 21:42:50 [error] 16776#0: send() failed (111: Connection refused)
I've followed http://nginx.org/en/docs/syslog.html and tried different parameter specified in there, but no luck...
The server runs rsyslogd daemon and other applications (cron, mysql) logs there without any issue.
/etc/rsyslogd.conf
# /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html ################# #### MODULES #### ################# $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support #$ModLoad immark # provides --MARK-- message capability # provides UDP syslog reception #$ModLoad imudp #$UDPServerRun 514 # provides TCP syslog reception #$ModLoad imtcp #$InputTCPServerRun 514 ########################### #### GLOBAL DIRECTIVES #### ########################### # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Set the default permissions for all log files. # $FileOwner root $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 # # Where to place spool and state files # $WorkDirectory /var/spool/rsyslog # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf ############### #### RULES #### ############### # # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail.info mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # # Logging for INN news system. # news.crit /var/log/news/news.crit news.err /var/log/news/news.err news.notice -/var/log/news/news.notice # # Some "catch-all" log files. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg :omusrmsg:* # # I like to have messages displayed on the console, but only on a virtual # console I usually leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole
-
Xavier Lucas over 9 yearsPost
/etc/rsyslog.conf
content. -
Jan Langer over 9 yearsadded to the post
-
Nishanth over 9 years
netstat -a | grep "tcp\|udp"
lookup open ports + check for internaliptables -L
even if localhost is unlikely to be blocked -
Xavier Lucas over 9 years@Quinix Did you read nginx's documentation ? Quoting : With a domain name or IP address, the port can be specified. If port is not specified, the port 514 is used. You have nothing listening on this port so the connection being refused is perfectly normal. Modify your rsyslog configuration accordingly.
-
-
Jan Langer over 9 yearsOh, thanks! It works now. Is there some way to set it up via socket? I'm unable to find rsyslogs's socket location. Server OS is Debian Wheezy.
-
Mehmet over 9 years@Quinix
/dev/log
is the default log socket. So you can change your nginx config tosyslog:server=unix:/dev/log
-
TimH - Codidact over 6 years@Mehmet your comment should be the accepted answer. Thank you!