set up syslog-ng for nginx access log

This sets up the infrastructure for moving from storing nginx access logs in journald to plain text files written by syslog-ng and rotated by logrotate. This works around the poor performance, poor space efficiency and lack of archived log compression for journald. Unlike writing access logs directly with nginx, this continues avoiding blocking writes in the event loop and sticks to asynchronous sends through a socket. Since nginx only supports syslog via the RFC 3164 protocol rather than the more modern RFC 5424 protocol, this leaves formatting timestamps up to nginx rather than using the ones provided via the syslog protocol.
2025-11-25 01:03:06 -05:00 · 2025-11-01 21:09:05 -04:00 · 2025-11-01 21:09:05 -04:00 · 2caa67529a
commit 2caa67529a
parent 97d55a130e
31 changed files with 81 additions and 1 deletions
--- a/5
+++ b/5
@ -15,10 +15,13 @@ for host in ${hosts_web[@]}; do
    rsync etc/systemd/system/{session-ticket-keys-create.service,session-ticket-keys-rotate.service,session-ticket-keys-rotate.timer} $remote:/etc/systemd/system/
    rsync --chmod=755 session-ticket-keys-create session-ticket-keys-rotate $remote:/usr/local/bin/
    rsync -r --delete etc/systemd/system/nginx.service.d/ $remote:/etc/systemd/system/nginx.service.d
+    rsync etc/syslog-ng/syslog-ng.conf $remote:/etc/syslog-ng/syslog-ng.conf
+    rsync etc/logrotate.d/nginx $remote:/etc/logrotate.d/nginx

    ssh $remote "mkdir -pm755 /var/cache/nginx
 groupadd -fg 2100 tls
 mkdir -p -m 750 /etc/session-ticket-keys && chgrp tls /etc/session-ticket-keys
 systemctl daemon-reload &&
-systemctl enable --now session-ticket-keys-create.service session-ticket-keys-rotate.timer nginx.service"
+systemctl enable --now session-ticket-keys-create.service session-ticket-keys-rotate.timer syslog-ng@default.service nginx.service
+syslog-ng-ctl reload"
 done