Opened 3 years ago
Closed 3 years ago
#2181 closed defect (invalid)
Custom access log is not working when error occurs.
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.19.x |
| Keywords: | Cc: | ||
| uname -a: | Ubuntu 18.04 64 bit | ||
| nginx -V: | 1.16.1 and 1.20.0 | ||
Description
Hi,
I want to do custom logging. When I have URI containing “A”( as shown in example config below).
Example:
http{
…..
access.log /var/log/nginx/access.log main;
error.log /var/log/nginx/error.log warn;
….
server{
….
location ~ A {
access.log /var/log/nginx/custom_access.log main;
error.log /var/log/nginx/custom_error.log warn;
}
}
Problem:
When an API error occurs, it doesn’t log to custom_access.log. however entry is done in default access.log
Nginx version: observed on both 1.16.1 and 1.20.0
OS Version : Ubuntu 18.04
(Both cases have “A” in them and goes into location)
Case 1: When the request doesn’t contain error:- access log will go to custom_access.log (expected behavior)
Case 2: When the request has error:- error log will go to custom_error.log AND access log to (default) access.log instead of custom_access.log.
How do I fix this?
Attachments (5)
Change History (10)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
An API Error occurs means when we try the following API, it return http error code 400.
REQUEST
curl --location --insecure --verbose --request POST 'https://171.0.2.216/A/v1.04/auth' \
--header 'Content-Type: application/json' \
--data-raw '{"Data":{""}'
RESPONSE
upload completely sent off: 12 out of 12 bytes
< HTTP/1.1 400 Bad Request
< Server: nginx
< Date: Fri, 14 May 2021 07:26:38 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: close
access.log
{ "time":"14/May/2021:13:04:42 +0530", "asp-ip":"172.25.0.252", "request":"POST /A/v1.04/auth HTTP/1.1", "status":"400", "size":"221", "req_id":"", "req_duration":"0.000", "response_duration":"", "loggable":"","customerLogging": "" }
custom_error.log
2021/05/14 13:04:42 [error] 5391#0: *47 NAXSI_FMT: ip=171.0.0.250&server=171.0.2.216&uri=/A/v1.04/auth&learning=0&vers=0.56&total_processed=1&total_blocked=1&block=1&zone0=BODY&id0=15&var_name0=&zone1=BODY&id1=15&var_name1=, client: 171.0.0.252, server: as1.api.vic.net, request: "POST /A/v1.04/auth HTTP/1.1", host: "171.0.2.216"
custom_access.log
No Entry occured
NOTE : Http Error 400 is expected as we are testing a negative case to fail this API.
The problem is "there is no entry made in custom_access.log". However, the entry goes to default access.log.
comment:3 by , 3 years ago
So, it looks like the error 400 is generated by naxsi, likely per
include naxsi.rules;
in the localhost.conf configuration file.
What's in
include /etc/nginx/errors.conf;
as used in the localhost.conf configuration file?
Note that an easy way to obtain full configuration with all included files is to capture nginx -T output, see here.
by , 3 years ago
| Attachment: | errors.conf added |
|---|
by , 3 years ago
| Attachment: | naxsi.rules added |
|---|
by , 3 years ago
| Attachment: | naxsi_core.rules added |
|---|
comment:4 by , 3 years ago
Hi Maxim,
Thanks for looking into this issue... Please find rest of the files included attached...
error.conf, naxi.rules, naxi_core.rules...
Other files included like 400.json,403.json, 408.json, 429.json 500.json, 502.json, 503.json and 504.json are empty files. These don't have any configuration.
Hope this helps..... Please do let me know if anything else is required... and you want me to look at..
comment:5 by , 3 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
So you have the following in your errors.conf configuration file:
error_page 400 /400.json;
...
location = /400.json {
add_header x-ally-err '400 vic::vic/app' always;
add_header x-ally-ext-err 'VIC-Waf-BadRequest' always;
add_header cl_conn_ctx $http_cl_conn_ctx always;
root /etc/nginx/errors-files/;
internal;
}
Given that the 400 error is generated by NASXI, the request processing is internally redirected to /400.json, which is handled in a separate location with its own logging configuration. Since there is no access_log defined in this location, the request is logged to the access logs inherited from the http level. That is, everything works as configured.
If you want nginx to log all errors happening during processing of a request inside a specific location to the custom log, you should either avoid redirecting these errors to different locations, or provide a separate error redirection for the location, also using the custom log. For example:
access_log default.log;
error_page 400 /400.html;
location / {
# here is a normal location with default logging and error pages
...
}
location = /400.html {
# default error page
...
}
location ~ foo {
# location with custom logging
access_log custom.log;
error_page 400 /custom/400.html;
...
}
location = /custom/400.html {
# custom error page with custom logging
access_log custom.log;
...
}
Hope this helps. If you have further questions on how to configure nginx, consider using the support options available.
Please define "when an API error occurs". It might be also helpful if you'll provide some example log lines, as well as full configuration which experience the issue.