Conditional access logging #594

joachimBurket · 2021-11-11T07:23:15Z

Hi there,

It would be great to be able to filter access logs by its content. I'm running my apps in a Kubernetes cluster, and have some healthchecks configured on '/readyz' and '/livez'.
These checks are generating a lot of access logs, which make hard to see the important ones.

VBart · 2021-11-24T14:54:54Z

Any ideas on how such configuration may look like? Or maybe we just need to allow configuring access log in the router objects somehow?

akalineskou · 2022-10-04T00:34:36Z

in nginx we do it like this

# ignore health checks from logs
    map $request_uri $loggable {
        /health 0;

        default 1;
    }

    access_log /proc/self/fd/1 main if=$loggable;

This feature is a must since it does flood the access logs

lcrilly · 2023-10-20T08:13:32Z

Current thoughts for this are to provide an if object within the access_log configuration that provides very simple matching with variables or more complex matching with JavaScript expressions.

Only log requests that sent a session cookie (a non-empty string is considered true)

{
  "access_log": {
    "if": "$cookie_session",
    "path": "…"
}

Do not log health check requests

{
  "access_log": {
    "if": "`${uri == '/health' ? false : true}`",
    "path": "…"
}

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. For example: { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "/path/access.log" } } Or { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "/path/access.log" } } If the current hour is less than 22, the logs will be recorded. Closes: <nginx#594>

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. For example: { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "/path/access.log" } } Or { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "/path/access.log" } } If the current hour is less than 22, the logs will be recorded. Closes: nginx#594

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. Example 1: { "access_log": { "if": "$cookie_session", "path": "..." } } Example 2: { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } } Example 3: { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } } If the current hour is less than 22, the logs will be recorded. Closes: nginx#594

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. Example 1: Only log requests that sent a session cookie. { "access_log": { "if": "$cookie_session", "path": "..." } } Example 2: Do not log health check requests. { "access_log": { "if": "`${uri == '/health' ? false : true}`", "path": "..." } Example 3: Only log requests when the time is before 22:00. { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } } or { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } } Closes: nginx#594

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. Example 1: Only log requests that sent a session cookie. { "access_log": { "if": "$cookie_session", "path": "..." } } Example 2: Do not log health check requests. { "access_log": { "if": "`${uri == '/health' ? false : true}`", "path": "..." } } Example 3: Only log requests when the time is before 22:00. { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } } or { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } } Closes: nginx#594

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. Example 1: Only log requests that sent a session cookie. { "access_log": { "if": "$cookie_session", "path": "..." } } Example 2: Do not log health check requests. { "access_log": { "if": "`${uri == '/health' ? false : true}`", "path": "..." } } Example 3: Only log requests when the time is before 22:00. { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } } or { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } } Closes: #594

This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition. Example 1: Only log requests that sent a session cookie. { "access_log": { "if": "$cookie_session", "path": "..." } } Example 2: Do not log health check requests. { "access_log": { "if": "`${uri == '/health' ? false : true}`", "path": "..." } } Example 3: Only log requests when the time is before 22:00. { "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } } or { "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } } Closes: nginx#594

VBart added the z-enhancement ⬆️ Product Enhancement label Nov 13, 2021

hongzhidao self-assigned this Oct 12, 2023

lcrilly mentioned this issue Oct 20, 2023

Disable access log for specific routes #797

Closed

lcrilly changed the title ~~Feature: Access Logs filtering~~ Conditional access logging Oct 20, 2023

tippexs added this to the 1.32 milestone Dec 6, 2023

andrey-zelenkov mentioned this issue Jan 10, 2024

HTTP: enhanced access log with conditional filtering. #1044

Merged

tippexs added the z-roadmap label Jan 19, 2024

hongzhidao closed this as completed in 4c91beb Jan 29, 2024

callahad added this to NGINX Unit Planning May 20, 2024

callahad moved this to 🚀 Released in NGINX Unit Planning May 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Conditional access logging #594

Conditional access logging #594

joachimBurket commented Nov 11, 2021

VBart commented Nov 24, 2021

akalineskou commented Oct 4, 2022

lcrilly commented Oct 20, 2023 •

edited

Loading

Conditional access logging #594

Conditional access logging #594

Comments

joachimBurket commented Nov 11, 2021

VBart commented Nov 24, 2021

akalineskou commented Oct 4, 2022

lcrilly commented Oct 20, 2023 • edited Loading

lcrilly commented Oct 20, 2023 •

edited

Loading