From 39b6de58dda784d5ebe88f0d444e325f57b21de1 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Mon, 3 Nov 2025 11:38:52 -0500
Subject: [PATCH] syslog-ng: add socket for nginx error logs

The error log is fairly quiet during regular use but can end up logging
one or more lines per request during DDoS attacks. Errors are logged for
worker_connections depletion and limit_conn rejections. There's also
currently an nginx bug with modern TLS and OpenSSL causing some client
side TLS errors to be logged as crit instead of info.
---
 etc/syslog-ng/syslog-ng.conf | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/etc/syslog-ng/syslog-ng.conf b/etc/syslog-ng/syslog-ng.conf
index 050df08..40046c7 100644
--- a/etc/syslog-ng/syslog-ng.conf
+++ b/etc/syslog-ng/syslog-ng.conf
@@ -3,24 +3,34 @@
 source s_internal {
     internal();
 };
-source s_nginx_access_log {
+source s_nginx_access {
     unix-dgram("/run/nginx-access-log" group("http") perm(0660));
 };
+source s_nginx_error {
+    unix-dgram("/run/nginx-error-log" group("http") perm(0660));
+};
 
 destination d_journald {
     unix-dgram("/dev/log");
 };
-destination d_nginx {
+destination d_nginx_access {
     file("/var/log/nginx/access.log" template("${MESSAGE}\n"));
 };
+destination d_nginx_error {
+    file("/var/log/nginx/error.log" template("${MESSAGE}\n"));
+};
 
 log {
     source(s_internal);
     destination(d_journald);
 };
 log {
-    source(s_nginx_access_log);
-    destination(d_nginx);
+    source(s_nginx_access);
+    destination(d_nginx_access);
+};
+log {
+    source(s_nginx_error);
+    destination(d_nginx_error);
 };
 
 options {