Log blacklisted domains to a separate log file

addis_a · November 18, 2014, 7:41pm

Hello,

I have a list of blacklisted domains in a file. For these domains I want
to
log to a different log file. I assume i have to write nginx module for
this. Or do we have some other way to do this?

Since there are too many blacklisted domains and they will change quite
often, creating vhosts is tough.

If I have to write a module for this, could any please be kind enough to
tell me the best practices. I did read
Emiller’s Guide to Nginx Module Development – Evan Miller but it doesn’t say
much
on how to work at logging phase (i want my log file to get reopened at
at
USR1).

Thanks a lot in advance

vigith_maurice · November 18, 2014, 7:49pm

How about map and log->if ?
http://nginx.org/en/docs/http/ngx_http_log_module.html

Posted at Nginx Forum:

vigith_maurice · November 18, 2014, 8:02pm

Thank you. I will take a look into map with include_file option.

vigith_maurice · November 18, 2014, 8:29pm

1.7.7 is stable enough, even the current 1.7.8 is good enough.

Why not try it out on a test system and through some ab tests against it
to
see what the performance does.

Or go for Lua to change the logfile, or create a separate
server/location
block for the blacklist.

Context for access_log: http, server, location

Posted at Nginx Forum:

vigith_maurice · November 18, 2014, 8:20pm

I don’t think map and log will help me solve it, I need to log to a
separate file if condition is matched.

Writing two sections with one pointing to default log (with map
condition
saying, no match to blacklist domains in the file) and other to
blacklist_log file with the opposite condition might solve the problem
but
won’t it affect the performance? won’t 2 pattern affect the performance?

Also 1.70 doesn’t seem to be stable yet.