NGINXACCESS_WITH_FORWARD_HOST %{IPORHOST:remote_addr}(\:%{INT:remote_port})? - %{USERNAME:remote_user} \[%{HTTPDATE:time_local}\] "(?:%{WORD:method} %{NOTSPACE:request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:rawrequest})" %{INT:status} %{INT:bytes_sent} %{QS:http_referer} %{QS:http_user_agent} %{QS:http_x_forwarded_for} "%{IPORHOST:http_host}"
this works for
10.88.1.12 - - [07/Jan/2017:12:13:33 +0800] "GET / HTTP/1.1" 200 21783 "http://example.com/refererUrl" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36" "1.2.3.4,4.5.6.7" "www.example2.com"
10.88.1.12:8123 - - [07/Jan/2017:12:13:33 +0800] "GET / HTTP/1.1" 200 21783 "http://example.com/refererUrl2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36" "1.2.3.4,4.5.6.7" "www.example3.com"
log_format main_x_forwarded_host
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" "$http_host" ';