Estou tentando fazer com que o nginx faça login direto no piwik. Estou tendo problemas para obter o rsyslog para acessar a sintaxe do syslog-ng. O rsyslog doc diz que o syslog-ng conf é compatível com ele.
source s_nginx_20 { pipe("/var/lib/nginx/access.log" program_override("nginx-access-log")); };
filter f_nginx_20 { match("nginx-access-log" value("PROGRAM")); };
destination d_piwik { program("/path/to/piwik.sh" template("$MSG\n")); };
log { source(s_nginx_20); filter(f_nginx_20); destination(d_piwik); };
Os resultados acima são:
Mar 3 02:05:21 CentOS-65-64-minimal kernel: imklog 5.8.10, log source = /proc/kmsg started.
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="24662" x-info="http://www.rsyslog.com"] start
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "log"" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 1:"source s_nginx_20 { pipe("/var/lib/nginx/access.log" program_override("nginx-access-log")); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 4:"filter f_nginx_20 { match("nginx-access-log" value("PROGRAM")); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "sh"" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 8:"destination d_piwik { program("/home/fsdownload/piwik.sh" template("$MSG\n")); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 10:"log { source(s_nginx_20); filter(f_nginx_20); destination(d_piwik); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.conf, line 31:"$IncludeConfig /etc/rsyslog.d/*.conf"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Qualquer ajuda ou conselho seria apreciado. O snippet de configuração foi modificado aqui: link
Informações sobre como obter o piwik para trabalhar com o nginx estão aqui: link
Debian wheezy, rsyslog 5.8.11
nginx.conf e piwik.sh são exatamente os mesmos da documentação do piwik ( link )
Configuração do Rsyslog:
/etc/rsyslog.d/piwik.conf
$ModLoad omprog
$ActionOMProgBinary /usr/local/bin/piwik.sh
$template nginxlog,"%msg%\n"
if $syslogtag contains 'nginx' and $syslogfacility-text == 'local6' then :omprog:;nginxlog
:syslogtag, contains, "nginx" ~
Eu descubro como fazer isso no rsyslog enviado com o Centos 6. Tive que usar o formato legado para o módulo de entrada de arquivo de texto.
$ModLoad imfile # needs to be done just once
# File 1
$InputFileName /var/lib/nginx/access.log
$InputFileTag nginx_log:
$InputFileStateFile /var/lib/rsyslog/nginx_statefile1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePollInterval 5
$InputRunFileMonitor
if $syslogtag contains 'nginx_log' and $syslogfacility-text == 'local7' then ^/path/to/piwik.sh;nginxlog
:syslogtag, contains, "nginx_log" ~