mohanpedala/nginx_logs.md

## nginx_logs.md

      
    Raw
  

              nginx_logs.md
            
          
    Configuring Logging


Documentation For This Video

NGINX http_log module
NGINX log_format directive
NGINX access_log directive
NGINX error_log directive


Configure access logs. Two main types are

Access logs
Error logs


According to the above steps we have configured access logs as below.
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;
Explanation:
- The log_format line here sets the name of the log format to main and then sets the string to be logged by combining many of the available NGINX variables.
- By itself, creating this format doesn’t do anything until it’s used as part of the access_log line in combination with the path to the log file.
- main: name of the default format
- Refer ngx_http_log_module for further information.
It’s fairly common to read NGINX configuration for a log that looks something like this
access_log /var/log/nginx/example.log combined;


The combined format is a pre-defined log format type.
Configuring error logs is simpler than access logging. Here are the logging levels.

debug
info
notice
warn
error
crit
alert
emerg


Number gets larger the “severity” increases, and every level of a lower severity contains content logged at the severities higher than itself.
Default nginx error log looks like
$ vim /etc/nginx/nginx.conf

error_log  /var/log/nginx/error.log warn;


If we set the warn level , anything logged at a notice, info, or debug level will not be written to the log file. Anything after warn i.e error, crit. alert, emerg will be writtern in to the error.log

Utilizing Syslog


It’s common to want to log using syslog instead of a file so that logs can be aggregated with a logging server or service like PaperTrail. Nginx supports it.
Let’s change our blog and notes servers to log to a locally running syslog server by adding the following line to each file’s server block
access_log syslog:/dev/log combined;


We’re using the default combined format and logging to the default syslog socket at /dev/log.
The server attribute could also be set to a remote address using a domain or IP address instead of a local unix: socket.
Depending on the linux flavours the file that we will read from will be a little different.

CentOS: /var/log/messages
Debian: /var/log/syslog


Custom Log Format


The log messages that main provides are not very helpful because we don’t know which virtual host was requested. Let’s create our own custom log_format hat will include this information that we can use for our virtual hosts.
$ vim /etc/nginx/nginx.conf

log_format vhost '$host $remote_addr - $remote_user [$time_local] "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" "$http_x_forwarded_for"';


Format is the same as main except we added the $host value.
Now the line that we used in our virtual hosts can be changed to this
$ vim /etc/nginx/nginx.conf

access_log syslog:/dev/log vhost;


Reload nginx refresh the browser or curl as below.
$ systemctl reload nginx
$ curl --header "Host: photos.example.com" localhost 2&>1
$ curl --header "Host: photos.example.com" localhost 2&>1
$ tail -n 2 /var/log/messages

# output
Mar 19 22:10:18 xxxxxx journal: xxxxxxx.mylabserver.com nginx: photos.example.com 127.0.0.1 - - [19/Mar/2018:22:10:18 +0000] "GET / HTTP/1.1" 200 1863 "-" "curl/7.29.0" "-"
Mar 19 22:10:24 xxxxxxx journal: xxxxxxxx.mylabserver.com nginx: photos.example.com 127.0.0.1 - - [19/Mar/2018:22:10:24 +0000] "GET / HTTP/1.1" 200 53324 "-" "curl/7.29.0" "-"