We use our nginx error logs to monitor our system closely. Recently,
we’ve
been hit with a lot of requests with malicious intent, and thus have
blocked
their IPs using a "deny " directive. This has worked as expected, but
unfortunately, our error logs are still flooded with “error” with
“access
forbidden by rule…” messages.
Why is a successful denial being logged as an error? I would expect
that
this is correct behaviour, and thus should not be logged as an error.
In any event, is their any way to suppress 403 denied messages from the
error log without bumping up the logging level? We don’t want to change
the
log level, as the “upstream timed out” error is also at level “error”
and is
something we really want to keep an eye on.
Posted at Nginx Forum: