#2440 closed enhancement (worksforme)
Log new connections immediately when established
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.23.x |
| Keywords: | log, stream, connection, proxy | Cc: | pgassmann@… |
| uname -a: | Linux c27b84e2b483 5.4.0-136-generic #153-Ubuntu SMP Thu Nov 24 15:56:58 UTC 2022 x86_64 Linux | ||
| nginx -V: |
nginx version: nginx/1.23.3
built by gcc 12.2.1 20220924 (Alpine 12.2.1_git20220924-r4) built with OpenSSL 3.0.7 1 Nov 2022 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fomit-frame-pointer -g' --with-ld-opt=-Wl,--as-needed,-O1,--sort-common |
||
Description (last modified by )
We use nginx stream for tcp TLS termination.
The connections are long running.
nginx logs only once a connection is closed. (when a request is completed).
For our purposes it would be useful if a new connection is immediately logged with the client ip, server, port. so we can correlate that to other events on the backend where we cannot see the client ip.
How can we do that with nginx?
The only workaround I found would be to use proxy protocol and log new connections on the backend.
Implementing a proxy protocol wrapper on the backend just to log the client ip is complicated and also not always possible.
Attachments (1)
Change History (4)
by , 15 months ago
| Attachment: | nginx.conf added |
|---|
comment:1 by , 15 months ago
| Description: | modified (diff) |
|---|
comment:2 by , 15 months ago
| Component: | documentation → nginx-module |
|---|---|
| Resolution: | → worksforme |
| Status: | new → closed |
| Type: | task → enhancement |
For access logging, as configured with the access_log directive, nginx follows the same model as for HTTP access logs for requests: stream sessions are logged with all the details, including bytes sent and received, when the session is closed.
However, all connection events in the stream module are logged to the error log at the info level. In particular, a typical proxied connection will be logged as follows:
2023/01/23 20:33:34 [info] 21515#100071: *1 client 127.0.0.1:14395 connected to 0.0.0.0:9000 2023/01/23 20:33:34 [info] 21515#100071: *1 proxy 127.0.0.1:57011 connected to 127.0.0.1:8080 2023/01/23 20:33:35 [info] 21515#100071: *1 upstream disconnected, bytes from/to client:3/309, bytes from/to upstream:309/3
This seems to be exactly equivalent to what you are asking about.
comment:3 by , 15 months ago
Thank you for the fast reply. I enabled the info level for the error log and it works for that purpose. The levels of error_log are not explained in the docs. Also if it was called event_log, that would better describe the purpose ;-)
Another problem I noticed regarding long running connections:
When nginx (docker container) is restarted, the active connections are not terminated and logged in access_log before the log ends.
nginx.conf for stream tls termination