Opened 5 months ago

Closed 5 months ago

#2181 closed defect (invalid)

Custom access log is not working when error occurs.

Reported by: pandey.brbhushan@… Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.19.x
Keywords: Cc:
uname -a: Ubuntu 18.04 64 bit
nginx -V: 1.16.1 and 1.20.0

Description

Hi,

I want to do custom logging when I have a URI containing “A” (as shown in the example config below).

Example:
http {
    …..
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;
    ….

    server {
        ….
        location ~ A {
            access_log /var/log/nginx/custom_access.log main;
            error_log /var/log/nginx/custom_error.log warn;
        }
    }
}

Problem:
When an API error occurs, it doesn’t log to custom_access.log; however, an entry is made in the default access.log.

Nginx version: observed on both 1.16.1 and 1.20.0
OS Version : Ubuntu 18.04

(Both cases have “A” in them and go into the location)
Case 1: When the request doesn’t contain error:- access log will go to custom_access.log (expected behavior)
Case 2: When the request has error:- error log will go to custom_error.log AND access log to (default) access.log instead of custom_access.log.

How do I fix this?

Attachments (5)

nginx.conf (2.4 KB ) - added by pandey.brbhushan@… 5 months ago.
Nginx Configuration
localhost.conf (2.7 KB ) - added by pandey.brbhushan@… 5 months ago.
Nginx localhost Configuration
errors.conf (2.3 KB ) - added by pandey.brbhushan@… 5 months ago.
naxsi.rules (257 bytes ) - added by pandey.brbhushan@… 5 months ago.
naxsi_core.rules (5.7 KB ) - added by pandey.brbhushan@… 5 months ago.


Change History (10)

comment:1 by Maxim Dounin, 5 months ago

Please define "when an API error occurs". It might also be helpful if you provide some example log lines, as well as the full configuration which experiences the issue.

comment:2 by pandey.brbhushan@…, 5 months ago

"An API error occurs" means that when we try the following API, it returns HTTP error code 400.

REQUEST
curl --location --insecure --verbose --request POST 'https://171.0.2.216/A/v1.04/auth' \
--header 'Content-Type: application/json' \
--data-raw '{"Data":{""}'

RESPONSE

upload completely sent off: 12 out of 12 bytes

< HTTP/1.1 400 Bad Request
< Server: nginx
< Date: Fri, 14 May 2021 07:26:38 GMT
< Content-Type: application/json
< Content-Length: 0
< Connection: close

access.log
{ "time":"14/May/2021:13:04:42 +0530", "asp-ip":"172.25.0.252", "request":"POST /A/v1.04/auth HTTP/1.1", "status":"400", "size":"221", "req_id":"", "req_duration":"0.000", "response_duration":"", "loggable":"","customerLogging": "" }

custom_error.log
2021/05/14 13:04:42 [error] 5391#0: *47 NAXSI_FMT: ip=171.0.0.250&server=171.0.2.216&uri=/A/v1.04/auth&learning=0&vers=0.56&total_processed=1&total_blocked=1&block=1&zone0=BODY&id0=15&var_name0=&zone1=BODY&id1=15&var_name1=, client: 171.0.0.252, server: as1.api.vic.net, request: "POST /A/v1.04/auth HTTP/1.1", host: "171.0.2.216"

custom_access.log
No entry occurred

NOTE : Http Error 400 is expected as we are testing a negative case to fail this API.

The problem is "there is no entry made in custom_access.log". However, the entry goes to default access.log.

by pandey.brbhushan@…, 5 months ago

Attachment: nginx.conf added

Nginx Configuration

by pandey.brbhushan@…, 5 months ago

Attachment: localhost.conf added

Nginx localhost Configuration

comment:3 by Maxim Dounin, 5 months ago

So, it looks like the error 400 is generated by naxsi, likely per

   include                 naxsi.rules;

in the localhost.conf configuration file.

What's in

   include                 /etc/nginx/errors.conf;

as used in the localhost.conf configuration file?

Note that an easy way to obtain full configuration with all included files is to capture nginx -T output, see here.

by pandey.brbhushan@…, 5 months ago

Attachment: errors.conf added

by pandey.brbhushan@…, 5 months ago

Attachment: naxsi.rules added

by pandey.brbhushan@…, 5 months ago

Attachment: naxsi_core.rules added

comment:4 by pandey.brbhushan@…, 5 months ago

Hi Maxim,

Thanks for looking into this issue. Please find the rest of the included files attached: errors.conf, naxsi.rules, naxsi_core.rules.

Other included files like 400.json, 403.json, 408.json, 429.json, 500.json, 502.json, 503.json and 504.json are empty files. These don't have any configuration.

Hope this helps..... Please do let me know if anything else is required... and you want me to look at..

comment:5 by Maxim Dounin, 5 months ago

Resolution: invalid
Status: new → closed

So you have the following in your errors.conf configuration file:

error_page 400 /400.json;
...
location = /400.json {
    add_header x-ally-err '400 vic::vic/app' always;
    add_header x-ally-ext-err  'VIC-Waf-BadRequest' always;
    add_header cl_conn_ctx $http_cl_conn_ctx always;
    root /etc/nginx/errors-files/;
    internal;
}

Given that the 400 error is generated by NAXSI, the request processing is internally redirected to /400.json, which is handled in a separate location with its own logging configuration. Since there is no access_log defined in this location, the request is logged to the access logs inherited from the http level. That is, everything works as configured.

If you want nginx to log all errors happening during processing of a request inside a specific location to the custom log, you should either avoid redirecting these errors to different locations, or provide a separate error redirection for the location, also using the custom log. For example:

access_log default.log; 
error_page 400 /400.html;

location / {
    # here is a normal location with default logging and error pages
    ...
}

location = /400.html {
    # default error page
    ...
}

location ~ foo {
    # location with custom logging
    access_log custom.log;
    error_page 400 /custom/400.html;
    ...
}

location = /custom/400.html {
    # custom error page with custom logging
    access_log custom.log;
    ...
}

Hope this helps. If you have further questions on how to configure nginx, consider using the support options available.
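
An added example, not part of the ticket or of nginx: a small Python check for the situation explained in comment:5, flagging locations whose error_page internally redirects to an exact-match location that writes to a different access log (so WAF-blocked requests end up outside the per-location log). The sample configuration is constructed, the parser is a simplification (no comments, quoted strings or include), and only "location = uri" targets are resolved.

```python
import re

# Constructed sample modelled on the ticket's setup; not the attached files.
SAMPLE = """
access_log /var/log/nginx/access.log main;
error_page 400 /400.json;
server {
    location ~ A { access_log /var/log/nginx/custom_access.log main; }
    location ~ B {
        access_log /var/log/nginx/b_access.log main;
        error_page 400 /b/400.json;
    }
    location = /400.json { internal; }
    location = /b/400.json { access_log /var/log/nginx/b_access.log main; internal; }
}
"""

def parse(tokens):
    """Build [(words, children-or-None)] from a token iterator (simplified grammar)."""
    items, words = [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok in (";", "{"):
            items.append((words, parse(tokens) if tok == "{" else None))
            words = []
        else:
            words.append(tok)
    return items

def walk(items, logs, pages, out, name=None):
    """Record each location's effective access logs and error_page map."""
    simple = [w for w, kids in items if kids is None and w]
    # Both directives are inherited only when the current level defines none.
    logs = [w[1] for w in simple if w[0] == "access_log"] or logs
    pages = {c: w[-1] for w in simple if w[0] == "error_page"
             for c in w[1:-1] if c.isdigit()} or pages
    if name:
        out[name] = (logs, pages)
    for w, kids in items:
        if kids is not None:
            walk(kids, logs, pages, out,
                 " ".join(w[1:]) if w[:1] == ["location"] else None)

def audit(conf):
    """Return (location, status, error_uri, logs_used) where logging diverges."""
    out = {}
    walk(parse(iter(re.findall(r"[{};]|[^\s{};]+", conf))), [], {}, out)
    targets = {"= " + uri for _, pages in out.values() for uri in pages.values()}
    return [(name, code, uri, out["= " + uri][0])
            for name, (logs, pages) in out.items() if name not in targets
            for code, uri in pages.items()
            if "= " + uri in out and out["= " + uri][0] != logs]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, only "~ A" is reported: its 400 responses are logged by "= /400.json" into the http-level access log, while "~ B" follows the pattern from comment:5 and is clean.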
