nginx日志中$request_body 十六进制字符(\x22\x9B\x5C\x09\x08...)完美解决方案

在使用nginx记录访问日志时，发现在含有request_body的 PUT,POST 请求时，日志中会含有 \x22 \x9B \x5C \x09 \x08 字符，不利于阅读和处理。

具体 支持request_body的http method参见 http1.1定义 9 Method Definitions 和 Payloads of HTTP Request Methods

nginx.conf 默认access_log 配置

    log_format  main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"'
                      '$http_host $upstream_status $upstream_addr $request_time $upstream_response_time';复制代码

改成

    log_format json_log escape=json '{"realip":"$remote_addr","@timestamp":"$time_iso8601","host":"$http_host","request":"$request","req_body":"$request_body","status":"$status","size":$body_bytes_sent,"ua":"$http_user_agent","cookie":"$http_cookie","req_time":"$request_time","uri":"$uri","referer":"$http_referer","xff":"$http_x_forwarded_for","ups_status":"$upstream_status","ups_addr":"$upstream_addr","ups_time":"$upstream_response_time"}';复制代码

参考 How to generate a JSON log from nginx?

官方文档ngx_http_log_module.html#log_format 注意，escape是从1.11.8后新增的参数。

如果是老版本的，linux可以考虑使用shell命令替换，logstash可以考虑使用ruby处理 ，参考 Optionally support handling of \x escape codes

博客 anjia.ml/2017/06/21/…
简书 www.jianshu.com/p/8409f28f3…
掘金 juejin.im/post/5949e0…