在nginx日志中记录SSL/TLS协议信息

nginx预定义了"combined"日志格式:

log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

如果想让nginx记录SSL/TLS协议信息,可在nginx配置文件nginx.conf的http{}区块中定义以下日志格式:

log_format combined_ssl '$remote_addr - $remote_user [$time_local] '
                        '$ssl_protocol/$ssl_cipher '
                        '"$request" $status $body_bytes_sent '
                        '"$http_referer" "$http_user_agent"';

然后,在需要记录SSL/TLS协议信息的HTTPS服务器配置区块中指定使用combined_ssl日志格式就行了。

server {
        listen 443;

        ssl on;
        ssl_certificate cert.pem;
        ssl_certificate_key key.pem;

        access_log /var/log/nginx/access.log combined_ssl;
        ...
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.