More information out of error log?

Ilan Berkner iberkner at
Wed Jan 14 06:55:01 MSK 2009

In the current error log that I'm looking it, 50% of the bad requests came
from one IP address and 50% of them came from another.  It is unlikely that
its a bot as both IP addresses are registered to educational institutions
which are our primary users, but good point, I will keep an eye on it.


On Tue, Jan 13, 2009 at 6:42 PM, Nick Pearson <nick.pearson at>wrote:

> Hi Ilan,
> Try changing the output format for the error log file to include the user
> agent.  Or, look for requests to /letters/.mp3 in your access log, which may
> already contain the user agent.  You may find that these requests are coming
> from a bot that is parsing the links in your site incorrectly.  I see this
> consistently on the ten or so sites I host, although the errors I usually
> see are for the directory and filename with no file extension (such as
> /forms/document when the link actually points to /forms/document.pdf).
> It might also help to compare the remote IP addresses to see whether the
> bad requests always come from the same IP or IP range which might indicate
> that it is a bot.
> On Tue, Jan 13, 2009 at 5:05 PM, Ilan Berkner <iberkner at> wrote:
>> Hi All,
>> We are getting many of these errors:
>> 2009/01/13 13:04:28 [error] 27100#0: *782718 open()
>> "/home/spellcit/public_html/letters/.mp3" failed (2: No such file or
>> directory), client:, server:,
>> request: "GET /letters/.mp3 HTTP/1.1", host: ""
>> Essentially one of 2 things is happening:
>> (1) One of our php or flash files is trying to access this invalid file
>> "/letters/.mp3" or
>> (2) A user is trying to access this directly (unlikely).
>> The problem is that the log entry does not on the surface reveal enough
>> information about where the request is coming from so we're having a tough
>> time identifying the source of the request.  Is there a way (is it possible)
>> to add more information to the log entry to better identify the source of
>> the request (swf, php, html, direct, etc.).
>> Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list