[PATCH 1 of 2] HTTP: Add client source port to any error that is logged

Maxim Dounin mdounin at mdounin.ru
Thu Apr 24 18:26:07 UTC 2014


On Thu, Apr 24, 2014 at 11:06:29AM -0700, Quanah Gibson-Mount wrote:

> --On April 24, 2014 at 9:56:48 PM +0400 Maxim Dounin <mdounin at mdounin.ru>
> wrote:
> >>$remote_port in the log format section only covers errors logged to the
> >>access log, it does not cover errors in the error log.  The submitted
> >>patch handles the error log.
> >
> >I understand the difference, thank you.
> >
> >The ticket in question only talked about error_log in context of
> >mail module, where is no separate access logging to meet the
> >alleged regulations.
> Yes, that is true, but why only implement a partial solution?  With CGN,
> only logging the IP is fairly useless in all cases.  To truly get useful
> information going forward, the IP + PORT of the client should logged in all
> cases.

Access log certainly can be configured to provide enough 
enformation to match any given error log message to a port if 
needed.  There is no need to implement anything, solution is 
already here.

And, by asking about "why implement a partical solution" you are 
overlooking the fact that proposed solution is partial as well - 
it doesn't change c->addr_text to ensure proper logging in all 
places (this would be a bad idea for other reasons, but it's 
another question), but rather tries to hack on the http error 
logging code to introduce remote port logging.  This is far from 
being a complete solution.

Maxim Dounin

More information about the nginx-devel mailing list