I was interested in having nginx log 404s to their own file. Essentially, i _hate_ 404s, so I like to parse access logs find and report all 404s. However, as-is, parsing large access logs can be quite inefficient since 404s represent such a small % of the entire file. I was thinking nginx could filter it out at write-time:
access_log not_found.log combined buffer=16K 404;
Apologies for the lameness of the code, but this is what I came up with:
https://gist.github.com/2906701
I certainly don't recommend anyone uses it, I'm mostly just looking for feedback. Is this better off in its own module? (there's so much code in the http_log_module that I want to leverage though). There's much more filtering that could go on that perhaps a new directive is a better approach:
access_log_filter $status /(40\d)/
access_log_filter $method GET
(which is certainly beyond my capabilities).
Thoughts?