[patch] Logging: raise severity level for logged messages
Sergei Turchanov
turchanov at farpost.com
Mon Dec 30 23:10:32 UTC 2013
Okay, maybe. But what about at least this part:
@@ -1801,7 +1801,7 @@ ngx_http_process_request(ngx_http_reques
if (rc != X509_V_OK
&& (sscf->verify != 3 ||
!ngx_ssl_verify_error_optional(rc)))
{
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ ngx_log_error(NGX_LOG_ERR, c->log, 0,
"client SSL certificate verify error:
(%l:%s)",
rc, X509_verify_cert_error_string(rc));
@@ -1816,7 +1816,7 @@ ngx_http_process_request(ngx_http_reques
cert = SSL_get_peer_certificate(c->ssl->connection);
if (cert == NULL) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ ngx_log_error(NGX_LOG_ERR, c->log, 0,
"client sent no required SSL
certificate");
ngx_ssl_remove_cached_session(sscf->ssl.ctx,
We use client certificate s and having ability to see client ssl
certificates errors
without setting error_log to 'info' level helps a lot. And these error
are not just
as easily triggered as plain client http errors. Don't you agree?
31.12.2013 07:07, Maxim Dounin написал:
> Hello!
>
> On Mon, Dec 30, 2013 at 12:35:06PM +1100, Sergei Turchanov wrote:
>
>> # HG changeset patch
>> # User Sergei Turchanov<turchanov at farpost.com>
>> # Date 1388366954 -39600
>> # Node ID 309f46326753b70222ed86d0c09cb1f702aeffda
>> # Parent 2cfc095a607a2e6205e45ee0be062f57a8d7ac88
>> Logging: raise severity level for logged messages
>>
>> Nginx is inconsistent in respect to severity level used for messages that
>> are logged for user/server errors resulting in 4xx/5xx response codes.
>> There are some places where INFO level is used which makes hard to debug
>> user problems because setting logging level of 'error_log' to 'info'
>> produces
>> too much of an output whereas with this patch setting level to 'warn' gives
>> more relevant messages.
>
> No, thank you. These messages are logged at info level as they
> are trivial to trigger by a client, and there should be an easy
> way to hide these messages.
>
More information about the nginx-devel
mailing list