access_log to track failed logins

Francis Daly francis at daoine.org
Tue Dec 18 22:33:45 UTC 2012


On Tue, Dec 18, 2012 at 02:33:06PM -0500, AJ Weber wrote:

Hi there,

> I have a login page that redirects (actually appends the parameter 
> "?error=true" to the URL and lets the user try again).
> 
> I was trying to re-define "access_log" with a full path and (for now) 
> "combined" to a separate file in that location

nginx chooses configuration based (primarily) on the "location", which
is the local part of the request, excluding query string.

So whatever location matches /my/login/page will also match
/my/login/page?error=true.

Does that explain why your initial attempts did not do what you expected?

> This doesn't seem to work at all.  An empty log gets created at startup, 
> but nothing ever gets written there.  Is it because the access logging 
> is already done by the time the location is determined?

No, the access logging is done in the context of whichever location the
request finishes in. It doesn't appear in your error=true log, because
a request like /my/login/page%3Ferror=true was not made.

(As a test, make a request like that, and you should see it in the
new file.)

> How can I somehow log when someone accesses the "login" page with the 
> "error=true" parameter on the URL?

Easiest? Log as normal, and post-process the access log. Something like

  tail -F logs/access.log | grep error=true >> logs/error=true.log

may be close enough for a first pass.

Or let the application do this logging.

Otherwise, read http://nginx.org/r/access_log to see if that offers
anything.

Possibly logging to "logs/access.log-$arg_error", or to something that
includes a variable set in a map based on $arg_error, would do what you
want? But be aware of the constraints.

Good luck,

	f
-- 
Francis Daly        francis at daoine.org
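
Added example, not part of the original message: a post-processing alternative to the `grep` pipeline above. It parses each "combined" log line and counts only requests whose own request line is the login page with `error=true`, because a plain substring match also selects later requests that carry the error URL in their Referer. The path `/my/login/page` is the thread's example; `make_line`, `ERR_URL` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

LOGIN_PATH = "/my/login/page"  # assumed: the example path used in the thread

# nginx "combined": addr - user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "[^"]*"$'
)

def failed_login_client(line):
    """Return the client address if the request itself is the login page
    with error=true in its query string, else None."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    parts = m.group("request").split(" ")
    if len(parts) != 3:  # malformed or non-HTTP request line
        return None
    path, _, query = parts[1].partition("?")
    if path != LOGIN_PATH or "true" not in parse_qs(query).get("error", []):
        return None
    return m.group("addr")

def failed_logins(lines):
    """Count failed-login page views per client address."""
    return Counter(a for a in map(failed_login_client, lines) if a)

def substring_matches(lines):
    """What a plain `grep error=true` would select, for comparison."""
    return [l for l in lines if "error=true" in l]

def make_line(addr, request, referer="-"):
    """Build a constructed combined-format line (hypothetical helper)."""
    return f'{addr} - - [18/Dec/2012:19:30:00 +0000] "{request}" 200 512 "{referer}" "Mozilla/5.0"'

ERR_URL = "http://example.com/my/login/page?error=true"  # constructed
# Constructed sample traffic using documentation addresses.
SAMPLE = [
    make_line("192.0.2.10", "POST /my/login/page HTTP/1.1"),
    make_line("192.0.2.10", "GET /my/login/page?error=true HTTP/1.1"),
    make_line("192.0.2.10", "GET /static/site.css HTTP/1.1", ERR_URL),
    make_line("192.0.2.10", "POST /my/login/page HTTP/1.1", ERR_URL),
    make_line("192.0.2.10", "GET /my/login/page?error=true HTTP/1.1", ERR_URL),
    make_line("198.51.100.7", "GET /my/login/page?error=true HTTP/1.1"),
    make_line("198.51.100.7", "GET /search?q=error=true HTTP/1.1"),
]
```

On the sample, the substring match selects six of the seven lines, while the parser attributes two failed logins to 192.0.2.10 and one to 198.51.100.7.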