- Documentation For This Video
- NGINX http_log module
- NGINX log_format directive
- NGINX access_log directive
- NGINX error_log directive
- Configure access logs. Two main types are
- Access logs
- Error logs
- According to the above steps we have configured access logs as below.
Explanation: - The log_format line here sets the name of the log format to main and then sets the string to be logged by combining many of the available NGINX variables. - By itself, creating this format doesn’t do anything until it’s used as part of the access_log line in combination with the path to the log file. - main: name of the default format - Refer ngx_http_log_module for further information.
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main;
- It’s fairly common to read NGINX configuration for a log that looks something like this
access_log /var/log/nginx/example.log combined;
- The combined format is a pre-defined log format type.
- Configuring error logs is simpler than access logging. Here are the logging levels.
- debug
- info
- notice
- warn
- error
- crit
- alert
- emerg
- Number gets larger the “severity” increases, and every level of a lower severity contains content logged at the severities higher than itself.
- Default nginx error log looks like
$ vim /etc/nginx/nginx.conf
error_log /var/log/nginx/error.log warn;
- If we set the warn level , anything logged at a notice, info, or debug level will not be written to the log file. Anything after warn i.e error, crit. alert, emerg will be writtern in to the error.log
- It’s common to want to log using syslog instead of a file so that logs can be aggregated with a logging server or service like PaperTrail. Nginx supports it.
- Let’s change our blog and notes servers to log to a locally running syslog server by adding the following line to each file’s server block
access_log syslog:/dev/log combined;
- We’re using the default combined format and logging to the default syslog socket at /dev/log.
- The server attribute could also be set to a remote address using a domain or IP address instead of a local unix: socket.
- Depending on the linux flavours the file that we will read from will be a little different.
- CentOS: /var/log/messages
- Debian: /var/log/syslog
- The log messages that main provides are not very helpful because we don’t know which virtual host was requested. Let’s create our own custom
log_format
hat will include this information that we can use for our virtual hosts.$ vim /etc/nginx/nginx.conf
log_format vhost '$host $remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
- Format is the same as main except we added the $host value.
- Now the line that we used in our virtual hosts can be changed to this
$ vim /etc/nginx/nginx.conf
access_log syslog:/dev/log vhost;
- Reload nginx refresh the browser or curl as below.
$ systemctl reload nginx $ curl --header "Host: photos.example.com" localhost 2&>1 $ curl --header "Host: photos.example.com" localhost 2&>1 $ tail -n 2 /var/log/messages # output Mar 19 22:10:18 xxxxxx journal: xxxxxxx.mylabserver.com nginx: photos.example.com 127.0.0.1 - - [19/Mar/2018:22:10:18 +0000] "GET / HTTP/1.1" 200 1863 "-" "curl/7.29.0" "-" Mar 19 22:10:24 xxxxxxx journal: xxxxxxxx.mylabserver.com nginx: photos.example.com 127.0.0.1 - - [19/Mar/2018:22:10:24 +0000] "GET / HTTP/1.1" 200 53324 "-" "curl/7.29.0" "-"