Opened 3 weeks ago
Closed 3 weeks ago
#2646 closed defect (invalid)
access_log syslog message length
| Reported by: | Vladimir | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.24.x |
| Keywords: | Cc: | ||
| uname -a: | Linux astra 6.1.50-1-generic #astra2+ci6 SMP PREEMPT_DYNAMIC Fri Oct 6 14:38:42 UTC 2023 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.24.0
built by gcc 8.3.0 (AstraLinuxSE 8.3.0-6) built with OpenSSL 1.1.1n 15 Mar 2022 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/share/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=www --group=www --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-stream=dynamic --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_image_filter_module=dynamic --with-cc-opt='-g -O2 -fdebug-prefix-map=/usr/local/src/nginx-1.24=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-module=/usr/local/src/nginx-module-vts-0.2.2 |
||
Description
Hello!
I use 2 types of logs, one directly to a file, there are no problems with it.
The second log is sending data to ELK using the syslog method. Everything was fine until I included requests in the log POST, they are quite large, and some of them are truncated, despite the fact that in a regular log file, which is written in parallel, this message is not truncated.
I tried to use buffer increase buffer=64k in the configuration file, but waiting for syslog it did not work, it showed that this was not possible.
Perhaps this is not an error, you need to increase the buffer somewhere for sending messages that are sent by the syslog method, but I could not find this in the documentation. Presumably, somewhere there is a message size limit of 8k.
Can you please tell me the solution to this problem?
Thank you!
online_access.log:
"statistics=%7B%22envelopes%22%*bigmessage*22%3A%22aIdEditCopy%22%2C%22secsFromStart%22%3A2595%2C%22tab%22%3A4%7D%2C%22timestamp%22%3A1717362074017%7D%5D%2C%22timestamp%22%3A1717362074021%7D&rnd=Ft85pw"
syslog:
"statistics=%7B%22envelopes%22%*bigmessage*22%3A%22aIdEditCopy%22%2C%22secsFromStart%2
*
access_log /var/log/nginx/online_access.log constime;
access_log syslog:server=elk:9102,tag=Nginx,severity=info constime;
*
Change History (3)
follow-up: 2 comment:1 by , 3 weeks ago
comment:2 by , 3 weeks ago
Replying to Roman Arutyunyan:
When sending a log message to syslog, UDP protocol is used. The length of a single log entry is limited by the interface MTU, which is presumably 8k on your system.
Please tell me how to increase it in Linux?
comment:3 by , 3 weeks ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
You can google that easily. However I doubt you can increase it unless it's a loopback interface.
When sending a log message to syslog, UDP protocol is used. The length of a single log entry is limited by the interface MTU, which is presumably 8k on your system.