Ensure consistent hostname logging behavior in nginx logs

[cotosso]

Currently, the log format used by nginx differs from other logs, as it writes the hostname twice, causing inconsistency and visual misalignment with the rest of the log entries. This behavior can be seen in the following examples:

Expected Behavior (similar to other logs):

Nov 11 14:07:18 NSec8-VM-davidem nethsecurity-api[4929]: nethsecurity_api 2024/11/11 14:07:18 middleware.go:199: [INFO][AUTH] refresh response success for user root

Current Nginx Behavior:

Nov 11 14:07:18 NSec8-VM-davidem nsec8-vm-davidem nginx: 192.168.56.1 - - [11/Nov/2024:14:07:18 +0000] "GET /api/refresh HTTP/1.1" 200 254 "https://192.168.56.104:9090/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"

Explanation and Purpose

• WHY: The discrepancy in logging format creates inconsistency when viewing logs from multiple daemons. This may lead to confusion during log analysis, troubleshooting, and system auditing, especially in environments where uniformity across logs is essential.
• PURPOSE: Ensuring that Nginx logs follow the same logging format as other daemons would promote uniformity, making it easier to parse and visually inspect logs.

Proposed Solution

Modify the nginx log format to prevent the hostname from being written twice.

Components

NethSecurity version: 8-23.05.5-ns.1.3.0

[cotosso]

This needs to be fixed for both port 443 and 9090.

For port 443 it should be enough to use this fix:

uci set nginx._lan.access_log='syslog:server=unix:/dev/log,nohostname'
uci commit nginx

For port 9090 this should fix it:

root@NSec8-VM-davidem:~# diff -u /etc/nginx/conf.d/ns-ui.conf.ori /etc/nginx/conf.d/ns-ui.conf
--- /etc/nginx/conf.d/ns-ui.conf.ori    2024-10-03 11:26:06.000000000 +0000
+++ /etc/nginx/conf.d/ns-ui.conf        2024-10-31 15:01:08.168405068 +0000
@@ -6,8 +6,8 @@
        ssl_certificate_key /etc/nginx/conf.d/_lan.key;
        ssl_session_cache shared:SSL:32k;
        ssl_session_timeout 64m;
-       error_log syslog:server=unix:/dev/log;
-       access_log syslog:server=unix:/dev/log;
+       error_log syslog:server=unix:/dev/log,nohostname;
+       access_log syslog:server=unix:/dev/log,nohostname;

        # enable NS UI
        location / {

if you want to try it you 'll need also to restart the service:

/etc/init.d/nginx restart

[Tbaile]

Image: 23.05.5-ns.1.3.0-41-g7436b45

Try the new image, ensure configuration is set correctly.
Try to update a regular installation with the new one, check that the values get updated.

[cotosso]

tested on port 9090 and 443 it works as expected:

Nov 18 20:18:42 NethSec.localdomain nginx: 192.168.56.1 - - [18/Nov/2024:20:18:42 +0000] "POST /api/ubus/call HTTP/1.1" 200 323 "https://192.168.56.104:9090/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"