Thanks Micah, very useful indeed. But it only works for nginx' access log, not the error log.
Example from error.log 2018/02/13 10:16:34 [error] 21283#21283: *15 directory index of "/some/path" is forbidden, client: XX.XX.XX.XX, server: example.com, request: "GET /thing HTTP/2.0", host: "example.com" The client bit is the user ip :\ AFAICT from reading the nginx docs [0], it is only possible to configure the error log path and the log level. Having access to error logs is useful, arguably more so than the normal logs, in order to troubleshoot misconfigurations and identify 404s that should or shouldn't be happening. Best to disable error logs it seems, and only enable them when debugging. ~abel [0]: https://nginx.org/en/docs/ngx_core_module.html#error_log On January 30, 2018 7:11:59 PM GMT+02:00, micah <mi...@riseup.net> wrote: >Abel Luck <a...@guardianproject.info> writes: > >> Does anyone know of a configuration solution for nginx to meet any or >> all of these bullet points? >> >> * log only the date, not the time or time zone >> * referer, ip, user-agent are never logged >> * country is logged by looking up the ip in a geoip database >> >> Ideally this would apply to both the standard access log and error >log. > >Drop the following in conf.d/noip: > > log_format noip '0.0.0.0 - $remote_user [$time_local] ' > '"$request" $status $body_bytes_sent ' > '"$http_referer" "$http_user_agent"'; > >and then reference it in your log lines, like this: > >access_log /var/log/nginx/gitlab_access.log noip; > >... it doesn't satisfy your third point, but I don't really feel like >geoip lookup of IP fits the 'privacy preserving' frame. _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
