Nginx does not support syslog by default, so you have to patch it with a third party module. This snippet relies on that you have configured xstow. See this snippet for instructions on xstow configuration.

   1  cd /tmp
   2  wget http://sysoev.ru/nginx/nginx-0.6.32.tar.gz
   3  tar zxvf nginx-0.6.32.tar.gz
   4  mv nginx-0.6.32 src-0.6.32-orig
   5  wget "http://wiki.codemongers.com/NginxModules?action=AttachFile&do=get&target=syslog.patch" -O syslog.patch
   6  patch -p0 < syslog.patch
   7  cd src-0.6.32-orig
   8  ./configure --prefix=/usr/local/stow/nginx --with-syslog
   9  make
  10  sudo make install
  11  cd /usr/local/stow
  12  sudo xstow nginx

I-am-a-noob-at-syslog-disclaimer: This might be a totally wrong way to configure the server and client(s), so it is subject for refinement. In my experience it works though.

Configuring the client. Add the following lines to the end of /etc/syslog-ng/syslog-ng.conf and restart syslog-ng with /etc/init.d/syslog-ng restart. Nginx logs in facility local5 and the hostname of the loghost is “loghost”. You could just as well use the IP of the loghost.

   1  filter f_local5 { facility(local5); };
   2  destination d_loghost {tcp("loghost" port(514));};
   3  log { source(s_all); filter(f_local5); destination(d_loghost); };

Configuring the server. Add the following lines to the end of /etc/syslog-ng/syslog-ng.conf and restart syslog-ng with /etc/init.d/syslog-ng restart. Also if you run a cluster of nginx servers it might be wise to put all the output in one file, instead of separate files per host.

   1  source s_remote { tcp(); };
   2  destination d_clients { file("/var/log/HOSTS/nginx.$HOST"); };
   3  log { source(s_remote); destination(d_clients); };

Test the logging by running this from the client.

   1  logger -p local5.info Hubbabubba