Instantly share code, notes, and snippets.

What would you like to do?
Configure AWS Elastic Beanstalk syslog to poll nginx logs (in order to send them to loggly)
# configure rsyslogd to include logfiles from nginx/apache
# needs 010_loggly.config
# Save this file as .ebextensions/015_nginx-loggly.config
# replace TOKEN
# Deploy per normal scripts or aws.push. To help debug the push, ssh & tail /var/log/cfn-init.log
# See Also /var/log/eb-tools.log
"/etc/rsyslog.d/21-nginx-loggly.conf" :
mode: "000644"
owner: root
group: root
content: |
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# nginx access file:
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx-access:
$InputFileStateFile stat-nginx-access
$InputFileSeverity info
$InputFilePersistStateInterval 20000
#nginx Error file:
$InputFileName /var/log/nginx/error.log
$InputFileTag nginx-error:
$InputFileStateFile stat-nginx-error
$InputFileSeverity error
$InputFilePersistStateInterval 20000
#Add a tag for nginx events
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"nginx\"] %msg%\n"
if $programname == 'nginx-access' then;LogglyFormat
if $programname == 'nginx-access' then ~
if $programname == 'nginx-error' then;LogglyFormat
if $programname == 'nginx-error' then ~
command: su --session-command="mkdir -p /var/spool/rsyslog"
ignoreErrors: true
ensureRunning: true
files: "/etc/rsyslog.d/21-apache-loggly.conf"

This comment has been minimized.

Copy link

benyitzhaki commented Jul 26, 2015

hi thanks, where can i get 010_loggly.config ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment