Disable nginx access log (to remote syslog server)
-
Hi,
I have pfSense set up to send syslog information to a remote syslog server - in general it's working fine, no issues. But ... nginx is sending a LOT of traffic across (e.g. ~ 2400 messages in 2 hours), and this is all just for accesses (i.e. access log). I'd like to disable this particular item, and I think the file I need to mess with is /var/etc/syslog.d/pfSense.conf ... but I admit, I'm not real familiar with the syntax of this file. Has anyone had any luck configuring this?
Thanks in advance for any pointers!
-
True, these "access logs" are not really needed and do pollute de remote log.
@arrmo said in Disable nginx access log (to remote syslog server):
/var/etc/syslog.d/pfSense.conf
Noop.
This is the one that controls syslogd : /etc/syslog.conf
It's build here 985 -> 1080 in /etc/inc/system.incI tried to rebuild somewhat the last statement :
Mine is :*.* @192.168.1.4so it excludes logs from 'nginx' as a program, or "Local5" as the facility, but no access.
It's also possible to inform nginx to shut up. See line 1447 :
access_log syslog:server=unix:/var/run/log,facility=local5 combined;in the same system.inc file.
What somewhat seem to work without any pfSense file edits :
Another solution : On the remote site, filter out Local5.Info messages
-
@Gertjan said in Disable nginx access log (to remote syslog server):
True, these "access logs" are not really needed and do pollute de remote log.
@arrmo said in Disable nginx access log (to remote syslog server):
/var/etc/syslog.d/pfSense.conf
Noop.
This is the one that controls syslogd : /etc/syslog.confYes, agree with you! I was thinking filtering at syslog, but I like your idea better
It's build here 985 -> 1080 in /etc/inc/system.inc
I tried to rebuild somewhat the last statement :
Mine is :*.* @192.168.1.4so it excludes logs from 'nginx' as a program, or "Local5" as the facility, but no access.
OK, you lost me there, sorry. With
*.*... everything gets sent across, no? I may be missing your point.It's also possible to inform nginx to shut up. See line 1447 :
access_log syslog:server=unix:/var/run/log,facility=local5 combined;in the same system.inc file.
What somewhat seem to work without any pfSense file edits :
Yes, agreed! I like this approach. I changed that line to ,
access_log off;And voila, after a webConfigurator restart (to regenerate the needed files) ... no "noise" from the access log. I think this is the best way to go, agreed?
Another solution : On the remote site, filter out Local5.Info messages
Right, but that still means all those messages going across => lots of bandwidth and horsepower chewed up (for no good reason ... agreed?)
Thanks for the thoughts and pointers - much appreciated!
