"Status: Unknown command line -> " log line for each SKIP and EXPIRED accesses
Concerned version
Version: %2.0.13
Platform: Nginx
Summary
If Status handler is enabled, for each user access through a handler, if action was SKIP or EXPIRED, a line is logged to STDERR.
As an example, this morning on one of our production system it amounts to 40,370 lines out of 43,294 total log lines of LemonLDAP::NG handler service.
Logs
Example log line:
Feb 03 18:04:15 llnghost1 llng-fastcgi-server[1234]: Status: Unknown command line -> 192.168.0.27 => webapp1.example.com/path/to/a/page SKIP
Possible fixes
It seems that the Status handler has to know each and every possible handler action.
Every time an action is reached in Lemonldap/NG/Handler/Main/Run.pm
, the code calls $class->updateStatus($req, $action, ...)
, which appears to send a line of text to the Status handler via a pipe.
In the Status handler, this line is then handled according to its match against regular expressions. One of the regexp is /^(\S+)\s+=>\s+(\S+)\s+(OK|REJECT|REDIRECT|LOGOUT|UNPROTECT|\-?\d+)$/
(commented as "Activity collect"). It does not match status lines for SKIP or EXPIRED actions. Then the code falls into the catch-all case which logs unknown status lines to STDERR.
If I edit this regular expression to add the two missing actions, the spurious log lines disappear (and I see new entries in the status JSON :-) ).
Patch looks like this:
--- Lemonldap/NG/Handler/Lib/Status.pm.ori 2022-02-04 08:58:46.000000000 +0100
+++ Lemonldap/NG/Handler/Lib/Status.pm 2022-02-04 08:55:18.000000000 +0100
@@ -63,7 +63,7 @@
# Activity collect
if (
-/^(\S+)\s+=>\s+(\S+)\s+(OK|REJECT|REDIRECT|LOGOUT|UNPROTECT|\-?\d+)$/
+/^(\S+)\s+=>\s+(\S+)\s+(OK|REJECT|REDIRECT|LOGOUT|UNPROTECT|SKIP|EXPIRED|\-?\d+)$/
)
{
my ( $user, $uri, $code ) = ( $1, $2, $3 );
There may be other actions which we do not see in our logs, but that are also missing from the regular expression...