Opened 7 months ago

Closed 7 months ago

#2646 closed defect (invalid)

access_log syslog message length

Reported by: Vladimir Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.24.x
Keywords: Cc:
uname -a: Linux astra 6.1.50-1-generic #astra2+ci6 SMP PREEMPT_DYNAMIC Fri Oct 6 14:38:42 UTC 2023 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.24.0
built by gcc 8.3.0 (AstraLinuxSE 8.3.0-6)
built with OpenSSL 1.1.1n 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/share/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=www --group=www --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-stream=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_image_filter_module=dynamic --with-cc-opt='-g -O2 -fdebug-prefix-map=/usr/local/src/nginx-1.24=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-module=/usr/local/src/nginx-module-vts-0.2.2

Description

Hello!
I use 2 types of logs, one directly to a file, there are no problems with it.
The second log is sending data to ELK using the syslog method. Everything was fine until I included requests in the log POST, they are quite large, and some of them are truncated, despite the fact that in a regular log file, which is written in parallel, this message is not truncated.
I tried to use buffer increase buffer=64k in the configuration file, but waiting for syslog it did not work, it showed that this was not possible.
Perhaps this is not an error, you need to increase the buffer somewhere for sending messages that are sent by the syslog method, but I could not find this in the documentation. Presumably, somewhere there is a message size limit of 8k.
Can you please tell me the solution to this problem?
Thank you!
online_access.log:
"statistics=%7B%22envelopes%22%*bigmessage*22%3A%22aIdEditCopy%22%2C%22secsFromStart%22%3A2595%2C%22tab%22%3A4%7D%2C%22timestamp%22%3A1717362074017%7D%5D%2C%22timestamp%22%3A1717362074021%7D&rnd=Ft85pw"

syslog:
"statistics=%7B%22envelopes%22%*bigmessage*22%3A%22aIdEditCopy%22%2C%22secsFromStart%2

*
access_log /var/log/nginx/online_access.log constime;
access_log syslog:server=elk:9102,tag=Nginx,severity=info constime;
*

Change History (3)

comment:1 by Roman Arutyunyan, 7 months ago

When sending a log message to syslog, UDP protocol is used. The length of a single log entry is limited by the interface MTU, which is presumably 8k on your system.

in reply to:  1 comment:2 by Vladimir, 7 months ago

Replying to Roman Arutyunyan:

When sending a log message to syslog, UDP protocol is used. The length of a single log entry is limited by the interface MTU, which is presumably 8k on your system.

Please tell me how to increase it in Linux?

comment:3 by Roman Arutyunyan, 7 months ago

Resolution: invalid
Status: newclosed

You can google that easily. However I doubt you can increase it unless it's a loopback interface.

Note: See TracTickets for help on using tickets.