Error counters in nginx
Alexey Ivanov
savetherbtz at gmail.com
Fri Jun 12 10:26:04 UTC 2015
Hi.
I have a feature request: from system administrator point of view it would be nice to have counters for each type of error log message.
For example right now nginx error.log consists of myriad of different error message formats:
open() “%s” failed
directory index of “%s” is forbidden
SSL_write() failed
SSL_do_handshake()
zero size but in output chain
client intended to send too large body
To plot that stuff on a dashboard sysadmin needs to increase error_log verbosity, write custom daemon that tails it and then manually write parser for every “interesting” log entry.
It would be nice if `ngx_log_error()` did all that work for us.
So that one could just specify following config:
location /error_status {
error_status_format csv;
error_status;
}
and then following command…
$ curl localhost/error_status
...would return:
core.zero_size_buf,2
http.module.autoindex.open.failed,3
http.core.directory_listing_forbidden,5
http.core.body_too_large,7
ssl.alerts.downstream.recv.certificate_expired,11
ssl.alerts.downstream.sent.close_notify,13
ssl.write.failed,17
ssl.handshake.failed,19
Apache Traffic Server for example has an abstraction for error stats so we quickly implemented statistics for various TLS alerts[1] received from clients/upstreams (after that rolling out of preferred ciphersuite list changes and openssl upgrades became basically painless).
FreeBSD for example has a nice kernel API for counters: counter(9)[2]. Similar approach can be applied to nginx: with each worker maintaining it’s counters in separate part of shared memory, so updates to them can be lockless (and even non-atomic because there is no preemption inside one worker).
So questions are:
* Would Nginx Inc. be interested in adding such functionality?
* How much it interferes with Nginx Plus selling points? If somebody else writes that code, will it be possible to "upstream” it?
[1] https://issues.apache.org/jira/browse/TS-3007
[2] https://www.freebsd.org/cgi/man.cgi?query=counter&apropos=0&sektion=9&manpath=FreeBSD+11-current&format=html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150612/56143c15/attachment.bin>
More information about the nginx-devel
mailing list