switch to improved custom log format

This switches to a fully custom log format instead of using a variant of
the standard combined format since we don't use any tools requiring the
logs to be a standard format. This provides a cleaner format, allows us
to freely add new fields and gets rid of legacy/redundant fields.

The redundant timestamp already provided as the syslog timestamp is
dropped along with the legacy identd field always set to a dash.

This adds the connection serial number for identifying requests coming
from the same connection. TLS version is added as a replacement for our
previous addition of the URI scheme. This also adds the total request
length and total bytes sent to the client instead of only the body bytes
sent.
Daniel Micay 2023-02-10 04:49:07 -05:00
parent 3ff77f472d
commit 7f61787026

@ -64,8 +64,8 @@ http {
# maintained by certbot-ocsp-fetcher # maintained by certbot-ocsp-fetcher
ssl_stapling_file ocsp-cache/matrix.grapheneos.org.der; ssl_stapling_file ocsp-cache/matrix.grapheneos.org.der;
log_format main '$remote_addr - $remote_user [$time_local] ' log_format main '$connection $remote_addr $remote_user $ssl_protocol $server_protocol '
'"$request_method $scheme://$host$request_uri $server_protocol" $status $body_bytes_sent ' '$host "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent"';
access_log syslog:server=unix:/dev/log,nohostname main; access_log syslog:server=unix:/dev/log,nohostname main;
error_log syslog:server=unix:/dev/log,nohostname; error_log syslog:server=unix:/dev/log,nohostname;
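
Review bot: the new `log_format main` no longer records `$request_method`, which was part of the old quoted request line (`"$request_method $scheme://$host$request_uri $server_protocol"`), and the commit message does not list it among the dropped fields. Without it the access log cannot tell a GET from a POST or PUT to the same URI, which is usually needed when reconstructing what a client did; consider adding it back as its own field, for example `$request_method` placed just before `"$request_uri"`. A smaller point on the same line: `$remote_user` and `$host` are unquoted in a space-separated format while `$request_uri`, `$http_referer` and `$http_user_agent` are quoted, so quoting them the same way would keep field positions stable for whatever reads these lines from syslog.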