$time_iso8601 is not set for invalid HTTP?

I use the if trick to get timestamped log names:

if ($time_iso8601 ~ “^(\d{4})-(\d{2})”) {
set $year $1;
set $month $2;
}

access_log …/access-$year-$month.log combined;

However, with nginx/1.4.6 (Ubuntu) I see that for invalid HTTP requests
$year and $month are not set. For example, with the above config after
issuing from a shell:

~> printf foo | nc host 80

I see in the error log for nginx:

2014/11/29 21:28:57 [warn] 8#0: *18 using uninitialized “year” variable
while logging request, client: 172.17.42.1, server: localhost, request:
“foo”
2014/11/29 21:28:57 [warn] 8#0: *18 using uninitialized “month” variable
while logging request, client: 172.17.42.1, server: localhost, request:
“foo”

That leads for the log file named .access–.log

Is it because $time_iso8601 is only set for valid request? If so, is
this
just a bug or a feature?

Posted at Nginx Forum:

Hello!

On Sat, Nov 29, 2014 at 03:48:24PM -0500, igorb wrote:

$year and $month are not set. For example, with the above config after
while logging request, client: 172.17.42.1, server: localhost, request:
“foo”

That leads for the log file named .access–.log

Is it because $time_iso8601 is only set for valid request? If so, is this
just a bug or a feature?

The rewrite module directives are not executed unless an
actual request handling happens, so this is expected result. Use
map instead:

map $time_iso8601 $year_and_month {
    "~^(?<temp>\d{4}-\d{2})"  $temp;
}

Or, better, avoid using such “timestamped log names” at all as
this approach implies unneeded overhead on opening/closing files
for each request. It is much more efficient to use normal log
rotation instead, see here:

http://nginx.org/en/docs/control.html#logs

Most OSes have newsyslog/logrotate utilities readily available to
do this and trivial to configure.

–
Maxim D.
http://nginx.org/

Maxim D. wrote:

Use map instead:

Thanks, map works nicely

avoid using such “timestamped log names” at all as this approach implies
unneeded overhead on opening/closing files for each request.

I use open_log_file_cache to mitigate this. Are there still problems
with
that? I would prefer to keep things simple and avoid explicit log
rotation.
The latter requires in my case more setup over a simple Docker container
with just nginx and extra log processing to extract monthly logs to feed
those to webalizer.

Posted at Nginx Forum:

On 12/1/2014 5:23 AM, igorb wrote:

that? I would prefer to keep things simple and avoid explicit log rotation.
The latter requires in my case more setup over a simple Docker container
with just nginx and extra log processing to extract monthly logs to feed
those to webalizer.

If you’re using Docker, use the Docker log collector, use the syslog
patch for nginx and have it log externally, or create a volume for the
logs and a helper container in which you run the log tools. It really
should not be nginx’s or its container’s job to manage/rotate logs.

Hello!

On Mon, Dec 01, 2014 at 08:23:53AM -0500, igorb wrote:

avoid using such “timestamped log names” at all as this approach implies
unneeded overhead on opening/closing files for each request.

I use open_log_file_cache to mitigate this. Are there still problems with
that? I would prefer to keep things simple and avoid explicit log rotation.

While open_log_file_cache mitigates most of the overhead involved,
this still implies constructing a log file name for each request,
looking up this name in the cache and so on. It’s still better to
use explicitly specified log file names.

–
Maxim D.
http://nginx.org/

Today Dec 1, 2014 at 08:24 Darren P. wrote:

If you’re using Docker, use the Docker log collector, use the syslog patch for
nginx and have it log externally, or create a volume for the logs and a helper
container in which you run the log tools. It really should not be nginx’s or
its container’s job to manage/rotate logs.

You doesn’t need any patch for syslog.
http://nginx.org/en/docs/syslog.html:
Logging to syslog is available since version 1.7.1.

–
WNGS-RIPE