Opened 4 years ago

Closed 4 years ago

#2181 closed defect (invalid)

Custom access log is not working when error occurs.

Reported by: pandey.brbhushan@… Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.19.x
Keywords: Cc:
uname -a: Ubuntu 18.04 64 bit
nginx -V: 1.16.1 and 1.20.0

Description

Hi,

I want to do custom logging when I have a URI containing “A” (as shown in the example config below).

Example:
http {
    ...
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;
    ...

    server {
        ...
        location ~ A {
            access_log /var/log/nginx/custom_access.log main;
            error_log /var/log/nginx/custom_error.log warn;
        }
    }
}

Problem:
When an API error occurs, it doesn’t log to custom_access.log. However, the entry is made in the default access.log.

Nginx version: observed on both 1.16.1 and 1.20.0
OS Version : Ubuntu 18.04

(Both cases have “A” in them and go into the location)
Case 1: When the request doesn’t contain an error: the access log goes to custom_access.log (expected behavior).
Case 2: When the request has an error: the error log goes to custom_error.log AND the access log goes to the (default) access.log instead of custom_access.log.

How do I fix this?

Attachments (5)

nginx.conf (2.4 KB ) - added by pandey.brbhushan@… 4 years ago.
Nginx Configuration
localhost.conf (2.7 KB ) - added by pandey.brbhushan@… 4 years ago.
Nginx localhost Configuration
errors.conf (2.3 KB ) - added by pandey.brbhushan@… 4 years ago.
naxsi.rules (257 bytes ) - added by pandey.brbhushan@… 4 years ago.
naxsi_core.rules (5.7 KB ) - added by pandey.brbhushan@… 4 years ago.


Change History (10)

comment:1 by Maxim Dounin, 4 years ago

Please define "when an API error occurs". It might also be helpful if you provide some example log lines, as well as the full configuration which experiences the issue.

comment:2 by pandey.brbhushan@…, 4 years ago

"An API error occurs" means that when we try the following API, it returns HTTP error code 400.

REQUEST
curl --location --insecure --verbose --request POST 'https://171.0.2.216/A/v1.04/auth' \
--header 'Content-Type: application/json' \
--data-raw '{"Data":{""}'

RESPONSE

upload completely sent off: 12 out of 12 bytes

< HTTP/1.1 400 Bad Request
< Server: nginx
< Date: Fri, 14 May 2021 07:26:38 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: close

access.log
{ "time":"14/May/2021:13:04:42 +0530", "asp-ip":"172.25.0.252", "request":"POST /A/v1.04/auth HTTP/1.1", "status":"400", "size":"221", "req_id":"", "req_duration":"0.000", "response_duration":"", "loggable":"","customerLogging": "" }

custom_error.log
2021/05/14 13:04:42 [error] 5391#0: *47 NAXSI_FMT: ip=171.0.0.250&server=171.0.2.216&uri=/A/v1.04/auth&learning=0&vers=0.56&total_processed=1&total_blocked=1&block=1&zone0=BODY&id0=15&var_name0=&zone1=BODY&id1=15&var_name1=, client: 171.0.0.252, server: as1.api.vic.net, request: "POST /A/v1.04/auth HTTP/1.1", host: "171.0.2.216"

custom_access.log
No entry occurred

NOTE : Http Error 400 is expected as we are testing a negative case to fail this API.

The problem is "there is no entry made in custom_access.log". However, the entry goes to default access.log.

by pandey.brbhushan@…, 4 years ago

Attachment: nginx.conf added

Nginx Configuration

by pandey.brbhushan@…, 4 years ago

Attachment: localhost.conf added

Nginx localhost Configuration

comment:3 by Maxim Dounin, 4 years ago

So, it looks like the error 400 is generated by naxsi, likely per

   include                 naxsi.rules;

in the localhost.conf configuration file.

What's in

   include                 /etc/nginx/errors.conf;

as used in the localhost.conf configuration file?

Note that an easy way to obtain full configuration with all included files is to capture nginx -T output, see here.

by pandey.brbhushan@…, 4 years ago

Attachment: errors.conf added

by pandey.brbhushan@…, 4 years ago

Attachment: naxsi.rules added

by pandey.brbhushan@…, 4 years ago

Attachment: naxsi_core.rules added

comment:4 by pandey.brbhushan@…, 4 years ago

Hi Maxim,

Thanks for looking into this issue... Please find the rest of the included files attached...
errors.conf, naxsi.rules, naxsi_core.rules...

Other included files like 400.json, 403.json, 408.json, 429.json, 500.json, 502.json, 503.json and 504.json are empty files. These don't have any configuration.

Hope this helps..... Please do let me know if anything else is required... and you want me to look at..

comment:5 by Maxim Dounin, 4 years ago

Resolution: invalid
Status: new → closed

So you have the following in your errors.conf configuration file:

error_page 400 /400.json;
...
location = /400.json {
    add_header x-ally-err '400 vic::vic/app' always;
    add_header x-ally-ext-err  'VIC-Waf-BadRequest' always;
    add_header cl_conn_ctx $http_cl_conn_ctx always;
    root /etc/nginx/errors-files/;
    internal;
}

Given that the 400 error is generated by NAXSI, the request processing is internally redirected to /400.json, which is handled in a separate location with its own logging configuration. Since there is no access_log defined in this location, the request is logged to the access logs inherited from the http level. That is, everything works as configured.

If you want nginx to log all errors happening during processing of a request inside a specific location to the custom log, you should either avoid redirecting these errors to different locations, or provide a separate error redirection for the location, also using the custom log. For example:

access_log default.log; 
error_page 400 /400.html;

location / {
    # here is a normal location with default logging and error pages
    ...
}

location = /400.html {
    # default error page
    ...
}

location ~ foo {
    # location with custom logging
    access_log custom.log;
    error_page 400 /custom/400.html;
    ...
}

location = /custom/400.html {
    # custom error page with custom logging
    access_log custom.log;
    ...
}

Hope this helps. If you have further questions on how to configure nginx, consider using the support options available.
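
An added example, not part of the ticket or of nginx: a small Python audit that applies the explanation in comment:5 to a configuration dump, reporting locations whose access_log differs from the access_log of the exact-match location their error_page redirects to. The parser is simplified (one server block, exact-match error locations only, no '#' inside quoted strings); the names parse, walk, audit and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample modelled on the ticket's description (not the attached files).
SAMPLE = """
http {
    access_log /var/log/nginx/access.log main;
    error_page 400 /400.json;
    server {
        location ~ A { access_log /var/log/nginx/custom_access.log main; }
        location = /400.json { internal; }
    }
}
"""

def parse(tokens):  # nest the token stream into (words, children) directives
    out, words = [], []
    for tok in tokens:
        if tok in (";", "{"):
            out.append((words, parse(tokens) if tok == "{" else None))
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return out

def walk(block, name, logs, pages, found):  # record each location's effective settings
    own_logs = [w[1] for w, _ in block if w[:1] == ["access_log"]]
    own_pages = {code: w[-1] for w, _ in block if w[:1] == ["error_page"]
                 for code in w[1:-1] if code.isdigit()}
    logs, pages = own_logs or logs, own_pages or pages  # inherited only if none set here
    if name is not None:
        found.append((name, logs, pages))
    for w, child in block:
        if child is not None:
            walk(child, " ".join(w[1:]) if w[:1] == ["location"] else None,
                 logs, pages, found)

def audit(conf):
    """Return (location, code, error_uri, logs_used) where an error leaves the custom log."""
    tokens = iter(re.findall(r"'[^']*'|\"[^\"]*\"|[{};]|[^\s{};]+",
                             re.sub(r"#[^\n]*", "", conf)))
    found = []
    walk(parse(tokens), None, [], {}, found)
    exact = {n[1:].strip(): logs for n, logs, _ in found if n.startswith("=")}
    targets = {uri for _, _, pages in found for uri in pages.values()}
    return [(n, code, uri, exact[uri]) for n, logs, pages in found
            if not (n.startswith("=") and n[1:].strip() in targets)
            for code, uri in sorted(pages.items())
            if uri in exact and set(exact[uri]) != set(logs)]
```

Running audit on nginx -T output flags the same mismatch the reporter hit: requests rejected inside the custom-logged location end up only in the inherited access log, which matters when that log is what feeds WAF-block monitoring.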
