Error counters in nginx

Alexey Ivanov savetherbtz at gmail.com
Fri Jun 12 10:26:04 UTC 2015


Hi.

I have a feature request: from system administrator point of view it would be nice to have counters for each type of error log message.

For example right now nginx error.log consists of myriad of different error message formats:
	open() “%s” failed
	directory index of “%s” is forbidden
	SSL_write() failed
	SSL_do_handshake()
	zero size but in output chain
	client intended to send too large body

To plot that stuff on a dashboard sysadmin needs to increase error_log verbosity, write custom daemon that tails it and then manually write parser for every “interesting” log entry.
It would be nice if `ngx_log_error()` did all that work for us.

So that one could just specify following config:
	location /error_status {
		error_status_format csv;
		error_status;
	}
and then following command…
	$ curl localhost/error_status
...would return:
	core.zero_size_buf,2
	http.module.autoindex.open.failed,3
	http.core.directory_listing_forbidden,5
	http.core.body_too_large,7
	ssl.alerts.downstream.recv.certificate_expired,11
	ssl.alerts.downstream.sent.close_notify,13
	ssl.write.failed,17
	ssl.handshake.failed,19

Apache Traffic Server for example has an abstraction for error stats so we quickly implemented statistics for various TLS alerts[1] received from clients/upstreams (after that rolling out of preferred ciphersuite list changes and openssl upgrades became basically painless).

FreeBSD for example has a nice kernel API for counters: counter(9)[2]. Similar approach can be applied to nginx: with each worker maintaining it’s counters in separate part of shared memory, so updates to them can be lockless (and even non-atomic because there is no preemption inside one worker).

So questions are:
* Would Nginx Inc. be interested in adding such functionality?
* How much it interferes with Nginx Plus selling points? If somebody else writes that code, will it be possible to "upstream” it?


[1] https://issues.apache.org/jira/browse/TS-3007
[2] https://www.freebsd.org/cgi/man.cgi?query=counter&apropos=0&sektion=9&manpath=FreeBSD+11-current&format=html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150612/56143c15/attachment.bin>


More information about the nginx-devel mailing list