当然，你可以使用filebeat, logstash, fluentd等，但相比之下rsyslog是系统自带的，资源占用低

第一种方法，配置 nginx

https://nginx.org/en/docs/syslog.html

vi /etc/nginx/nginx.conf
    # access_log  /var/log/nginx/access.log  main;
    access_log syslog:server=logstash:514,facility=local7,tag=nginx_access_log,severity=info;
    error_log syslog:server=logstash:514,facility=local7,tag=nginx_error_log,severity=info;

service nginx reload

第二种方法，配置 rsyslog

cd /etc/rsyslog.d
vi nginx-log.conf
$ModLoad imfile
$InputFilePollInterval 1
$WorkDirectory /var/spool/rsyslog
$PrivDropToGroup adm

##Nginx访问日志文件路径，根据实际情况修改:
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx-access:
$InputFileStateFile stat-nginx-access
$InputFileSeverity info
$InputFilePersistStateInterval 25000
$InputRunFileMonitor

##Nginx错误日志文件路径，根据实际情况修改:
$InputFileName /var/log/nginx/error.log
$InputFileTag nginx-error:
$InputFileStateFile stat-nginx-error
$InputFileSeverity error
$InputFilePersistStateInterval 25000
$InputRunFileMonitor

#日志输出到logstash
*.* @logstash:514

保存后，重启rsyslog使生效 service rsyslog restart

logstash 输入配置

input {
    syslog{
        type => "system-syslog"
        port => 514
    }
}

https://www.cnblogs.com/xiejava/p/12452434.html