Hi all.
I am logging to syslog with the following configuration:
log_format custom '$remote_addr $remote_user '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" UPSTREAM: $upstream_addr SSL: $ssl_protocol $ssl_cipher $ssl_session_reused TIME: $request_time';
access_log syslog:server=localhost,facility=local2 custom;
error_log syslog:server=localhost,facility=local1 info;
Access.log entries looks like this:
Feb 19 10:39:50 localhost nginx: 192.168.11.18 - "GET /%%% HTTP/1.1" 400 166 "-" "-" UPSTREAM: - SSL: TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 r TIME: 0.008
And error.log entries looks like this:
Feb 19 10:39:19 localhost nginx: 2015/02/19 10:39:19 [info] 53270#0: *1032 client sent invalid request while reading client request line, client: 192.168.11.18, server: payment.architrade.com, request: "GET /%%% HTTP/1.1"
As you can see, the error log has two timestamps. How do I get rid of the one? My rsyslog-conf is handling local1 and local2 the same way, so I am thinking, since error_log directive has no log_format, nginx sends over a timestamp by default.