"access_log" directive is not allowed here in how to do this properly?

dubstep · March 25, 2012, 9:21pm

Hello !

Iam trying to log the requests coming from a list of countries into a
seperate log file… Iam using the config below… BUt iam getting this
error:

[emerg]: “access_log” directive is not allowed here in
/etc/nginx/nginx.conf:55
configuration file /etc/nginx/nginx.conf test failed

How could I accomplish what iam trying to do?

Thanks!

–Mike

http {
…
…

geoip_country /etc/nginx/GeoIP.dat;

map $geoip_country_code $log {
default 0;
CN 1; #“China”
RO 1; #“Romania”
IQ 1; #“Iraq”
IR 1; #"Iran
HK 1; #“Hong Kong”
IN 1; #“India”
}

    server {
            listen   80;
            server_name  domain.com;
            .....
            .....
            if ($log) { access_log  /root/access-selected-slim.log;

}
location / { proxy_pass http://12.163.169.32:80/; }

            }
 }

Micheal_W · March 26, 2012, 12:32am

On Sun, Mar 25, 2012 at 07:21:20PM +0000, Micheal W. wrote:

Hi there,

Iam trying to log the requests coming from a list of countries into a seperate
log file…

map $geoip_country_code $log {
default 0;
CN 1; #“China”

    access_log logs/$log.log;

You may want to make the content of $log be more descriptive: “access”
and “special” instead of 0 and 1, for example.

Or just log normally, and post-process the file to split based on the
logged IP address.

f

Francis D. [email protected]

Micheal_W · March 26, 2012, 12:43am

Thanks… but i think you are not understanding me… the problem is that
the log line is throwing an error. So i cannot log.

This is the line that is throwing that error if ($log) { access_log
/root/access-selected-slim.log slim; }
I have that line inside my server {} … thats where i need it.

If i cant do it this way… how can I do it then?

Mike

Micheal_W · March 26, 2012, 1:16am

Hello Francis,

Put a line like
    access_log logs/$log.log;
inside the server{} block.

I did, iam still getting the error.
[emerg]: “access_log” directive is not allowed here in
/etc/nginx/nginx.conf:55

The line 55 is: if ($log) { access_log /root/$log.log;
slim; }

Micheal_W · March 26, 2012, 1:09am

On Sun, Mar 25, 2012 at 10:42:57PM +0000, Micheal W. wrote:

Hi there,

Thanks… but i think you are not understanding me… the problem is that the log
line is throwing an error. So i cannot log.

Put a line like

    access_log logs/$log.log;

inside the server{} block.

Whatever you set $log to in your map directive will be used in the
filename.

f

Francis D. [email protected]

Micheal_W · March 26, 2012, 1:22am

On Sun, Mar 25, 2012 at 11:15:43PM +0000, Micheal W. wrote:

Hi there,

I did, iam still getting the error.
[emerg]: “access_log” directive is not allowed here in /etc/nginx/nginx.conf:55

Don’t write:

             if ($log) { access_log /root/$log.log; slim; }

Do write:

     access_log /root/$log.log;

f

Francis D. [email protected]

Micheal_W · March 26, 2012, 1:41am

Don’t write:

             if ($log) { access_log /root/$log.log; slim; }

Do write:

     access_log /root/$log.log;

I did. No errors… but its not writing any log file at all… I think
this defeats the purpose… because I only want to log for when the IP
of the remote user matches any of those countries in the http {}
section.

Micheal_W · March 26, 2012, 1:30am

Thanks!
map $geoip_country_code $log {
listen 80;
server_name domain.com;
…
…
if ($log) { access_log /root/access-selected-slim.log; }
location / { proxy_pass http://12.163.169.32:80/; }
            }
 }

If you want to log queries from only the listed countries,
you may write the following:

http {
…
…

geoip_country /etc/nginx/GeoIP.dat;

map $geoip_country_code $log {
default dev/null;
CN root/access-selected-slim.log; #“China”
RO root/access-selected-slim.log; #“Romania”
IQ root/access-selected-slim.log; #“Iraq”
IR root/access-selected-slim.log; #"Iran
HK root/access-selected-slim.log; #“Hong Kong”
IN root/access-selected-slim.log; #“India”
}

    server {
            listen   80;
            server_name  domain.com;
            .....
            .....
            access_log /$log;
            location / { proxy_pass http://12.163.169.32:80/;  }

            }
 }

But note that access logs with variables in their names have limitatios.
Refer to the http://wiki.nginx.org/HttpLogModule

Micheal_W · March 26, 2012, 1:59am

Alex,

Thank you. This worked. Is it absolutely necessary to use a variable in
the log file at the server {} section? Afterall… all of the logs of
the listed countries are going to the same static filename.

–Mike

Micheal_W · March 26, 2012, 2:04am

On Sun, Mar 25, 2012 at 11:40:51PM +0000, Micheal W. wrote:

Hi there,

     access_log /root/$log.log;
I did. No errors… but its not writing any log file at all…

What does error_log say?

When I try to write to a new file in /root/ as a non-root nginx user,
I see something like

open() “/root/default.log” failed (13: Permission denied)

I think this defeats the purpose… because I only want to log for when the IP
of the remote user matches any of those countries in the http {} section.

Probably something like

map $geoip_country_code $mylogfile {
default off;
CN logs/access.log;
}
access_log $mylogfile;

will work, then.

“log normally and post-process” is always another option, of course.

f

Francis D. [email protected]