I'm trying to collect customized Nginx access logs via Filebeat using syslog unix socket type.
Filebeat 7.9.2:
- input_type: syslog protocol.unix: path: "/var/log/nginx/nginx.sock"
Nginx 1.15.2:
access_log syslog:server=unix:/var/log/nginx/nginx.sock,tag=nginx_access mycustomformat;
From the Filebeat log I see Input is started successfully:
020-10-21T16:18:24.599+0300 INFO [unix] common/listener.go:87 Started listening for UNIX connection {"address": "/var/log/nginx/nginx.sock"}
Such configuration seems don't work, since in Nginx error.log I see the following:
2020/10/22 10:59:04 [alert] 29709#0: connect() failed (91: Protocol wrong type for socket)
2020/10/22 10:59:04 [warn] 29709#0: *82175 send() to syslog failed while logging request, client: 10.241.71.8, server: localhost, request: "GET /API/heartbeat HTTP/1.0", host: "1.2.3.4:443"
I suspect this issue can be related to https://github.com/elastic/beats/issues/18632 or to https://github.com/fluent/fluent-bit/issues/292 (some socket parameters need to be changed?)