Separate Nginx access log file for certain requests only

Question

As far as I can see Nginx supports by default 2 log files: error_log (tracks issues related to the Nginx server itself) and access_log (tracks requests processed by Nginx). Whilst it is possible to control the format of access_log with the log_format directive, I have been unsuccessful at finding a way of logging only certain requests to a separate file, and therefore would like to ask the question on SF as a reference for future readers:

Is there a way to log certain requests to a different log file than the one defined by access_log?

FYI the reason behind this question is that I have a rule that denies access to unwanted crawlers with a 200 (because 403 would give them a hint that they're being blocked), and filtering those requests out of the access_log becomes more difficult.

Max Corbeau · Accepted Answer · 2012-06-01T13:44:14.593

10

cjc put me on the right track. Using access_log in an if statement by itself is not possible (You get a nginx: [emerg] "access_log" directive is not allowed here error). So the workaround is as follows:

if ($http_user_agent ~* (crawler) ) {
  set $crawler 'yes';
}
location ~ .* {
  if ($crawler = 'yes') {
    access_log /var/log/nginx/blockedbots.log;
    return 200;
    }
}

edited Jun 01 '12 at 13:44

answered Jun 01 '12 at 13:23

Max Corbeau

3,653

score 7 · Answer 2 · answered Jul 15 '15 at 14:58

7

access_log supports if:

(access_log path [format [buffer=size [flush=time]] [if=condition]];)

access_log /var/.... if $crawler;

Source:

http://nginx.org/en/docs/http/ngx_http_log_module.html

answered Jul 15 '15 at 14:58

Thomas Decaux

1,397

score 4 · Answer 3 · answered Jun 01 '12 at 12:29

You should be able to put an access_log directive inside an if block, according to the documentation:

http://wiki.nginx.org/HttpLogModule

So, you should be able to do something like:

if ($http_user_agent ~* (crawler) ) {
   access_log /path/to/other/log/file ;
}

score 2 · Answer 4 · answered Mar 30 '22 at 14:19

When I came upon this post I was looking for a way to send AWS ELB healthcheck logs to a separate file as they were clogging up access.log. I was never able to get access_log to work with if inside a location block, and this does not work either:

map $http_user_agent $healthcheck {
    "ELB-HealthChecker/2.0" 1;
    default 0;
  }
access_log /var/log/nginx/elb-healthcheck.log main if=$healthcheck;
access_log /var/log/nginx/access.log main if=!$healthcheck;

In a sea of braces it is easy to forget that the NGINX configuration file is not a programming language.

What I ended up with, albeit clunky looking, is this:

map $http_user_agent $not_elb {
    "ELB-HealthChecker/2.0" 0;
    default 1;
}
map $http_user_agent $elb {
    "ELB-HealthChecker/2.0" 1;
    default 0;
}
access_log /var/log/nginx/access.log main if=$not_elb;
access_log /var/log/nginx/elb-healthcheck.log main if=$elb;

Regular traffic goes to access.log and ELB healthcheck logs go to elb-healthcheck.log.

Separate Nginx access log file for certain requests only

4 Answers4

Linked