nginx does not escape logged variables. This makes it impossible to
reliably parse log entries. This is what Apache does:
For security reasons, starting with version 2.0.46, non-printable
and other special characters in %r, %i and %o are escaped using
\xhh sequences, where hh stands for the hexadecimal representation
of the raw byte. Exceptions from this rule are " and , which are
escaped by prepending a backslash, and all whitespace characters,
which are written in their C-style notation (\n, \t, etc). In
versions prior to 2.0.46, no escaping was performed on these strings
so you had to be quite careful when dealing with raw log files.
I think you only need to modify the ngx_http_log_variable_getlen and
ngx_http_log_variable functions.
You’re right, it’s simpler than I thought. I was concerned about the
performance overhead of escaping variables that are known to be good,
but they are already special-cased by ngx_http_log_vars.