A patch for NGINX's syslog module that supports TCP as a transport layer
While UDP has its advantage as a transport layer with lower overhead, it makes no guarantees about message delivery. For certain use cases, it may not be acceptable to lose logs. Additionally, large logs will cause fragmentation which intermediary networks may block outright, leading to truncated messages.
Note
The provided changes only uphold the same guarantees that TCP offers. In the case of a connection being completely severed, it's the responsibility of the calling module to issue another attempt with the same log.
These changes were prepared against NGINX 1.29.0, but should function on any version going back to 1.23.4.
After applying the patch, access_log or error_log directives in your NGINX configuration file optionally accept a transport parameter:
access_log syslog:server=1.2.3.4:1234,tag=access,transport=tcp;
error_log syslog:server=1.2.3.4:1234,tag=error,transport=tcp error;This can be set to either udp or tcp. When not specified, it defaults to udp.