Recently I’ve been tasked with creating a central syslog server. These are very useful when one maintain couple of boxes (or couple hundred and more) as it can provide a single point of checking out on what’s up with the machines. If it’s combined properly with metrics it serves as a super-boosting way of maintaining the overview of the entire infrastructure.
When it comes to NGINX, it defaults to storing log files in plain text. It’s a sane default and I don’t see a good reason to ship it in any other fashion. However, sometimes the needs change. It was the case for me — I’m using rsyslog1 for all of the OS logs and it felt natural to me to have NGINX invited to join the party. As rsyslog client is pushing all of its logs further to the centralized server part already, I wanted to have NGINX logs included in the stream.