[PATCH 1 of 2] HTTP: Add client source port to any error that is logged

Quanah Gibson-Mount quanah at zimbra.com
Thu Apr 24 23:37:31 UTC 2014



--On April 24, 2014 at 10:26:07 PM +0400 Maxim Dounin <mdounin at mdounin.ru> 
wrote:

>> Yes, that is true, but why only implement a partial solution?  With CGN,
>> only logging the IP is fairly useless in all cases.  To truly get useful
>> information going forward, the IP + PORT of the client should logged in
>> all cases.
>
> Access log certainly can be configured to provide enough
> enformation to match any given error log message to a port if
> needed.  There is no need to implement anything, solution is
> already here.

The error log currently only provides the IP.  While I'm guessing you could 
do things like correlate timestamps, it's still going to be a pain. Having 
the port readily available everywhere makes tracking a specific user much 
easier to do.

> And, by asking about "why implement a partical solution" you are
> overlooking the fact that proposed solution is partial as well -
> it doesn't change c->addr_text to ensure proper logging in all
> places (this would be a bad idea for other reasons, but it's
> another question), but rather tries to hack on the http error
> logging code to introduce remote port logging.  This is far from
> being a complete solution.

I'm certainly willing to address any deficiencies, but I'd want to make 
sure it would follow whatever you want in the product before investing more 
time on it. ;)  For now it meets the needs of our customer in Belgium who 
has to start dealing with the legal requirements of client port logging 
sooner than later.

--Quanah

-- 
Quanah Gibson-Mount
Server Architect
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



More information about the nginx-devel mailing list