Nginx logging to journald

grahamc · 2019-01-31 03:17:22 UTC

Nginx, by default, logs to /var/spool/nginx. However, this can be changed per vhost:

  services.nginx.virtualhosts.<name>.extraConfig = ''
    error_log syslog:server=unix:/dev/log;
    access_log syslog:server=unix:/dev/log combined_host;
  '';

Perhaps we should update the default nginx config to do this, too?

A similar problem is capturing stderr from PHP-FPM. I think this is all that is required:

    services.phpfpm.pools.<name> = {
      extraConfig = ''
        catch_workers_output = yes
      '';

Mic92 · 2019-01-31 17:15:28 UTC

Does this differentiate between errors and non-errors? Usually journald add some metadata if output goes to stdout vs stderr. I think journald logging is better then our current log files since we do not have log-rotating in place. There are some people that migh rely on some externals tools that parse log files so a release note will be required.

peterhoeg · 2019-02-04 14:52:07 UTC

We are using nginx quite a bit but that all goes to the journal. I have just checked a handful of servers and none of them have anything outside the journal.

That being said, I’m a huge fan of the principle of least surprise, and if we are shipping services that by default or in their typical usecases outside of the default write logs directly to disk, we definitely should ship sane defaults for log rotation.

globin · 2019-02-04 14:52:07 UTC

Those services should IMHO be fixed to log to systemd-journald.

aanderse · 2019-02-04 14:52:07 UTC

globin,

That sounds like a fine solution too. Obviously there is high value in keeping things consistent, and pretty much everything else logs to journald so that makes sense.

The only exceptions would be rsyslog and syslog-ng. Would you see a problem with having those services add automatic rotation?

lheckemann · 2019-02-04 14:52:07 UTC

We are using nginx quite a bit but that all goes to the journal. I have just checked a handful of servers and none of them have anything outside the journal.

Try /var/spool/nginx

peterhoeg · 2019-02-04 14:52:07 UTC

So I learned something new then… OK, I’m totally in favor of sane logrotate defaults and/or fixing nginx.

aanderse · 2019-02-09 01:05:38 UTC

This was actually logged as an issue a while back https://github.com/NixOS/nixpkgs/issues/30732 and here https://github.com/NixOS/nixpkgs/issues/34378

I don’t use nginx so won’t get around to fixing it likely. Anyone going to take this on before 19.03?

wmertens · 2019-02-11 15:16:56 UTC

One thing about journald though: it throws away log lines when the throughput is too high. If people want to do accounting on the logs that won’t work, so it should be optional (but maybe on by default)