[patch] Logging: raise severity level for logged messages

Sergei Turchanov turchanov at farpost.com
Mon Dec 30 23:10:32 UTC 2013


Okay, maybe. But what about at least this part:

@@ -1801,7 +1801,7 @@ ngx_http_process_request(ngx_http_reques
              if (rc != X509_V_OK
                  && (sscf->verify != 3 || 
!ngx_ssl_verify_error_optional(rc)))
              {
-                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                ngx_log_error(NGX_LOG_ERR, c->log, 0,
                                "client SSL certificate verify error: 
(%l:%s)",
                                rc, X509_verify_cert_error_string(rc));

@@ -1816,7 +1816,7 @@ ngx_http_process_request(ngx_http_reques
                  cert = SSL_get_peer_certificate(c->ssl->connection);

                  if (cert == NULL) {
-                    ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                    ngx_log_error(NGX_LOG_ERR, c->log, 0,
                                    "client sent no required SSL 
certificate");

                      ngx_ssl_remove_cached_session(sscf->ssl.ctx,


We use client certificate	s and having ability to see client ssl 
certificates errors
without setting error_log to 'info' level helps a lot. And these error 
are not just
as easily triggered as plain client http errors. Don't you agree?


31.12.2013 07:07, Maxim Dounin написал:
> Hello!
>
> On Mon, Dec 30, 2013 at 12:35:06PM +1100, Sergei Turchanov wrote:
>
>> # HG changeset patch
>> # User Sergei Turchanov<turchanov at farpost.com>
>> # Date 1388366954 -39600
>> # Node ID 309f46326753b70222ed86d0c09cb1f702aeffda
>> # Parent  2cfc095a607a2e6205e45ee0be062f57a8d7ac88
>> Logging: raise severity level for logged messages
>>
>> Nginx is inconsistent in respect to severity level used for messages that
>> are logged for user/server errors resulting in 4xx/5xx response codes.
>> There are some places where INFO level is used which makes hard to debug
>> user problems because setting logging level of 'error_log' to 'info'
>> produces
>> too much of an output whereas with this patch setting level to 'warn' gives
>> more relevant messages.
>
> No, thank you.  These messages are logged at info level as they
> are trivial to trigger by a client, and there should be an easy
> way to hide these messages.
>



More information about the nginx-devel mailing list