nginx error logs not sent to mfadmin

[matthieumarrast]

In the nginx configuration (nginx.conf), error_log is configured like that:

error_log stderr error;

so in nginx_error.log we have this kind of log format:

2026/02/27 14:13:16 [alert] 2091165#2091165: worker process 1416961 exited on signal 11 (core dumped)

whereas the access_log is configured with specific format and sending to the vector syslog:

log_format main escape=none '{ "@timestamp": "$time_iso8601", "from": "$remote_addr", "host": "$host", "method": "$request_method", "uri": "$request_uri", "duration": $request_time, "status": $status, "request_length": $request_length, "reply_length": $bytes_sent, "plugin": "$plugin", "request_id": "$proxy_x_request_id"$extra_log_format }';
access_log /dev/stdout main;
access_log syslog:server=127.0.0.1:5145 main;

so in nginx_access.log we have this kind of log format:

{ "@timestamp": "2026-02-26T17:42:03+00:00", "from": "X.X.X.X", "host": "<host>", "method": "GET", "uri": "<uri>", "duration": 0.193, "status": 200, "request_length": 1168, "reply_length": 20088, "plugin": "<plugin>", "request_id": "2d19c99ef414db4bf2076a83055f9a35" }

And we have this vector configuration (vector.toml):

[sources.syslog_nginx]
type = "syslog"
address = "0.0.0.0:5145"
mode = "udp
...
[sinks.elasticsearch_nginx]
type = "elasticsearch"
inputs = ["remove_json_nginx"]
endpoint = "http://172.24.250.77:15603"
index = "nginx-%Y.%m.%d"

So we all of this we notice that only the access log is sent to the elasticsearch index of our mfadmin, not the error log.
We cannot consult/monitor nginx errors in the mfadmin's kibana.

Is there a reason ? can we consider also sending error logs ?