any way to escape logged bytes?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

any way to escape logged bytes?

Jeffrey 'jf' Lim
I am discovering that nginx is logging the bytes sent by a client - in
raw form - in my error.log for the following error:

client sent invalid method while reading client request line, client:
NN.N.N.N, server: NAME, request: ",'�Cookie: mstshash=eltons"

Is there a way to get nginx to escape the bytes, as per what happens
with access_log / log_format
(https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format)?

thanks,
-jf

--
He who settles on the idea of the intelligent man as a static entity
only shows himself to be a fool.
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: any way to escape logged bytes?

Maxim Dounin
Hello!

On Tue, Jul 28, 2020 at 01:08:32PM +0800, Jeffrey 'jf' Lim wrote:

> I am discovering that nginx is logging the bytes sent by a client - in
> raw form - in my error.log for the following error:
>
> client sent invalid method while reading client request line, client:
> NN.N.N.N, server: NAME, request: ",'�Cookie: mstshash=eltons"
>
> Is there a way to get nginx to escape the bytes, as per what happens
> with access_log / log_format
> (https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format)?

No, currently error logs are written as is and not escaped.
Relevant ticket is here:

https://trac.nginx.org/nginx/ticket/191

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: any way to escape logged bytes?

Jeffrey 'jf' Lim
On Thu, Jul 30, 2020 at 8:06 PM Maxim Dounin <[hidden email]> wrote:

>
> Hello!
>
> On Tue, Jul 28, 2020 at 01:08:32PM +0800, Jeffrey 'jf' Lim wrote:
>
> > I am discovering that nginx is logging the bytes sent by a client - in
> > raw form - in my error.log for the following error:
> >
> > client sent invalid method while reading client request line, client:
> > NN.N.N.N, server: NAME, request: ",'�Cookie: mstshash=eltons"
> >
> > Is there a way to get nginx to escape the bytes, as per what happens
> > with access_log / log_format
> > (https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format)?
>
> No, currently error logs are written as is and not escaped.
> Relevant ticket is here:
>
> https://trac.nginx.org/nginx/ticket/191
>

gotcha. Thank you! Will you accept a patch which would make error_log
escape the same way as per log_format's default escaping? That's if I
even manage to get it figured out.

-jf
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: any way to escape logged bytes?

Maxim Dounin
Hello!

On Thu, Jul 30, 2020 at 08:48:54PM +0800, Jeffrey 'jf' Lim wrote:

> On Thu, Jul 30, 2020 at 8:06 PM Maxim Dounin <[hidden email]> wrote:
> >
> > Hello!
> >
> > On Tue, Jul 28, 2020 at 01:08:32PM +0800, Jeffrey 'jf' Lim wrote:
> >
> > > I am discovering that nginx is logging the bytes sent by a client - in
> > > raw form - in my error.log for the following error:
> > >
> > > client sent invalid method while reading client request line, client:
> > > NN.N.N.N, server: NAME, request: ",'�Cookie: mstshash=eltons"
> > >
> > > Is there a way to get nginx to escape the bytes, as per what happens
> > > with access_log / log_format
> > > (https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format)?
> >
> > No, currently error logs are written as is and not escaped.
> > Relevant ticket is here:
> >
> > https://trac.nginx.org/nginx/ticket/191
> >
>
> gotcha. Thank you! Will you accept a patch which would make error_log
> escape the same way as per log_format's default escaping? That's if I
> even manage to get it figured out.

Sure.  Note though that there is more than one thing to consider,
including:

1. nginx uses multiline output in its own log messages, notably
debug logging of HTTP requests and responses, and it might not be
the best idea to escape all the error logs.  Probably this needs
some discretion on what to escape.

2. There can be a lot of debug log output, and it is bad idea to
slow things down.  Again, may need some discretion on what to
escape.

3. Error logging cannot allocate additional memory since it is
used, in particular, to log out-of-memory conditions.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx