First, we need to consider where we're pushing the logs to. Syslog can be both local and network-based, so we'll cover both ways. For nearly all Linux distributions, the default syslog service is rsyslog, which listens on the Unix socket located at /dev/log. Here's our NGINX configuration for local logging:
    server {
        listen 80;
        server_name syslog.nginxcookbook.com;

        access_log syslog:server=unix:/dev/log;
        error_log syslog:server=unix:/dev/log;

        location /favicon.ico {
            access_log off;
            log_not_found off;
        }

        root /var/www;
    }
The handling of the logs will now be done by rsyslog. By default, this will match the wildcard rule and write the log entries to /var/log/syslog for Debian- / Ubuntu-based systems and /var/log/messages for CentOS- / RedHat-based distributions.
We can confirm it's working as expected by viewing the last line in our syslog after accessing the website:
    tail -n 1 /var/log/syslog

    Jun 22 23:40:53 nginx-220-ubuntu nginx-220-ubuntu nginx: 106.71.217.155 - - [22/Jun/2016:23:40:53 +1000] "GET / HTTP/1.1" 200 192 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
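Because the default rsyslog rule mixes the NGINX entries with every other service's messages in the same file, anything that consumes these logs has to pick the NGINX lines out and strip the syslog header first. The following Python parser is an added example, not code from the original text: it assumes the default "combined" access log format (the configuration above names no format) and the default "nginx" tag, and it tolerates the repeated hostname seen in the output above. The function name parse_nginx_syslog and the second sample line are made up for illustration.

```python
import re

# rsyslog's traditional file format: "Mon DD HH:MM:SS host tag[pid]: message".
# Extra tokens between host and tag (the repeated hostname in the page's
# sample output) are skipped.
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'(?:\S+ )*?(?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$'
)

# NGINX "combined" format, used when access_log names no format.
COMBINED_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"$'
)


def parse_nginx_syslog(line, tag="nginx"):
    """Return access-log fields for an NGINX syslog line, else None."""
    header = SYSLOG_RE.match(line.rstrip("\n"))
    if header is None or header.group("tag") != tag:
        return None  # another service's entry in the shared syslog file
    access = COMBINED_RE.match(header.group("msg"))
    if access is None:
        return None  # tagged nginx but not an access entry (e.g. error_log)
    fields = access.groupdict()
    fields["status"] = int(fields["status"])
    fields["body_bytes_sent"] = int(fields["body_bytes_sent"])
    fields["syslog_host"] = header.group("host")
    return fields


# Sample input: the first line is the page's output joined onto one line;
# the second is a constructed entry from another service.
SAMPLE = [
    'Jun 22 23:40:53 nginx-220-ubuntu nginx-220-ubuntu nginx: 106.71.217.155 - - [22/Jun/2016:23:40:53 +1000] "GET / HTTP/1.1" 200 192 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"',
    'Jun 22 23:41:01 nginx-220-ubuntu CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_nginx_syslog(entry))
```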