Configuring the Nginx Error and Access Log


Nginx is an open-source, high-performance HTTP and reverse proxy server responsible for handling the load of some of the largest sites on the Internet. When managing Nginx web servers, one of the most frequent tasks you’ll perform is checking the log files.

Knowing how to configure and read the logs is very useful when troubleshooting server or application issues as they provide detailed debugging information.

Nginx writes records of its events in two types of logs: access logs and error logs. Access logs write information about client requests, and error logs write information about the server and application issues.

This article outlines how to configure and read the Nginx access and error logs.

Configuring the Access Log

Whenever a client request is processed, Nginx generates a new event in the access log. Each event record contains a timestamp and includes various information about the client and the requested resource. Access logs can show you the location of the visitors, the page they visit, how much time they spend on the page, and much more.

The log_format directive allows you to define the format of logged messages. The access_log directive enables and sets the location of the log file and the used format.

The most basic syntax of the access_log directive is as follows:

access_log log_file log_format;

Where log_file is the full path to the log file, and log_format is the format used by the log file.

The access log can be enabled in an http, server, or location block.

By default, the access log is globally enabled in the http directive inside the main Nginx configuration file.

/etc/nginx/nginx.conf
http {
  ...
  access_log  /var/log/nginx/access.log;
  ...
}

For better maintainability, it is recommended to set a separate access log file for each server block. The access_log directive set in the server directive overrides the one set in the http (higher level) directive.

/etc/nginx/conf.d/domain.com.conf
http {
  ...
  access_log  /var/log/nginx/access.log;
  ...

  server {
    server_name domain.com;
    access_log  /var/log/nginx/domain.access.log;
    ...
  }
}

If no log format is specified, Nginx uses the predefined combined format, which looks like this:

log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

To change the logging format, either override the default setting or define a new one. For example, to define a new logging format named custom, which extends the combined format with the value of the X-Forwarded-For header, add the following definition in the http or server directive:

log_format  custom  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

To use the new format, specify its name after the log file as shown below:

access_log  /var/log/nginx/access.log custom;

While the access log provides very useful information, it takes disk space and may affect the server performance. If your server is low on resources and you have a busy website, you might want to disable the access log. To do that, set the value of the access_log directive to off:

access_log  off;

Configuring the Error Log

Nginx writes messages about the application and general server errors in the error log file. If you are experiencing errors in your web application, the error log is the first place to start for troubleshooting issues.

The error_log directive enables and sets the location and the severity level of the error log. It takes the following form and can be set within an http, server, or location block:

error_log log_file log_level;

The log_level parameter sets the level of logging. Below are levels listed by their severity (from low to high):

  • debug - Debugging messages.
  • info - Informational messages.
  • notice - Notices.
  • warn - Warnings.
  • error - Errors while processing a request.
  • crit - Critical issues. Requires a prompt action.
  • alert - Alerts. Action must be taken immediately.
  • emerg - Emergency situation. The system is in an unusable state.

Each log level includes the higher levels. For example, if you set the log level to warn, Nginx will also log the error, crit, alert, and emerg messages.

When the log_level parameter is not specified, it defaults to error.
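The same threshold rule is useful when reading an existing error log. The following is an added example, not part of the original article: it filters error log records to a chosen level and above, using the ordering from the list above. The function names and the log lines are constructed for illustration.

```sh
# Constructed error-log records (not real server output).
sample_error_log() {
cat <<'EOF'
2019/10/15 19:41:46 [notice] 1201#1201: signal process started
2019/10/15 19:42:01 [info] 1203#1203: *7 client closed connection while waiting for request, client: 192.168.33.7, server: 0.0.0.0:80
2019/10/15 19:42:05 [warn] 1203#1203: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 192.168.33.1, server: domain.com
2019/10/15 19:42:09 [error] 1203#1203: *9 open() "/usr/share/nginx/html/missing" failed (2: No such file or directory), client: 192.168.33.1, server: domain.com, request: "GET /missing HTTP/1.1", host: "domain.com"
2019/10/15 19:42:30 [emerg] 1210#1210: bind() to 0.0.0.0:80 failed (98: Address already in use)
EOF
}

# Usage: at_or_above LEVEL < error.log
# Prints only the records whose level is LEVEL or more severe.
at_or_above() {
  awk -v min="$1" '
    BEGIN {
      # Levels from lowest to highest severity, as listed in the article.
      n = split("debug info notice warn error crit alert emerg", names, " ")
      for (i = 1; i <= n; i++) rank[names[i]] = i
      if (!(min in rank)) { print "unknown level: " min > "/dev/stderr"; exit 2 }
    }
    {
      # The third space-separated field is the level in square brackets.
      level = substr($3, 2, length($3) - 2)
      if ((level in rank) && rank[level] >= rank[min]) print
    }
  '
}

sample_error_log | at_or_above warn
```

Run against the sample, `at_or_above warn` keeps the warn, error and emerg records and drops the notice and info records.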

By default, the error_log directive is defined in the http directive inside the main nginx.conf file:

/etc/nginx/nginx.conf
http {
  ...
  error_log  /var/log/nginx/error.log;
  ...
}

Same as with access logs, it is recommended to set a separate error log file for each server block, which overrides the setting inherited from the higher levels.

For example, to set the error log level for domain.com to warn, you would use:

http {
  ...
  error_log  /var/log/nginx/error.log;
  ...

  server {
    server_name domain.com;
    error_log  /var/log/nginx/domain.error.log warn;
    ...
  }
}

Whenever you modify the configuration file, you have to restart the Nginx service for the changes to take effect.

Location of the Log Files

By default on most Linux distributions, such as Ubuntu, CentOS, and Debian, access and error logs are located in the /var/log/nginx directory.

Reading and Understanding the Nginx Log Files

You can open and parse the log files using standard commands like cat, less, grep, cut, awk, and so on.

Here is an example record from the access log file that uses the default combined Nginx log format:

192.168.33.1 - - [15/Oct/2019:19:41:46 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36"

Let’s break down what each field of the record means:

  • $remote_addr - 192.168.33.1 - The IP address of the client making the request.
  • $remote_user - - - HTTP Authenticated User. When the user name is not set, this field shows -.
  • [$time_local] - [15/Oct/2019:19:41:46 +0000] - Local server time.
  • "$request" - "GET / HTTP/1.1" - The request type, path and protocol.
  • $status - 200 - The server response code.
  • $body_bytes_sent - 396 - The size of server response in bytes.
  • "$http_referer" - "-" - The URL of the referral.
  • "$http_user_agent" - Mozilla/5.0 ... - The user agent of the client (web browser).
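The field breakdown above can be turned into a small triage script. This is an added example, not part of the original article, and the log lines are constructed samples. It shows why picking fields by counting spaces misreads a record whose request line is malformed, and splits on the quote delimiters instead.

```sh
# Constructed sample records in the combined format (not real traffic).
# Record 3 is a request that is not "METHOD URI PROTOCOL" (TLS bytes sent
# to a plain-HTTP port), so it has fewer space-separated fields.
sample_log() {
cat <<'EOF'
192.168.33.1 - - [15/Oct/2019:19:41:46 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.33.1 - - [15/Oct/2019:19:41:50 +0000] "GET /missing HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.33.7 - - [15/Oct/2019:19:42:01 +0000] "\x16\x03\x01" 400 157 "-" "-"
192.168.33.7 - admin [15/Oct/2019:19:42:05 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/7.58.0"
192.168.33.7 - admin [15/Oct/2019:19:42:06 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/7.58.0"
EOF
}

# Naive extraction: assumes $status is always the 9th space-separated field.
# For record 3 it returns the referer ("-") instead of the status.
naive_status() { awk '{ print $9 }'; }

# Robust extraction: split on the double quotes around "$request",
# "$http_referer" and "$http_user_agent". With the default escaping Nginx
# writes a quote inside a logged variable as \x22, so a literal quote in
# the line is always a delimiter.
# Prints "client status count" for every response with status >= 400.
error_counts() {
  awk -F'"' '
    {
      split($1, head, " ")   # $remote_addr - $remote_user [$time_local]
      split($3, mid, " ")    # $status $body_bytes_sent
      if (mid[1] ~ /^[0-9][0-9][0-9]$/ && mid[1] + 0 >= 400) { n[head[1] " " mid[1]]++ }
    }
    END { for (k in n) print k, n[k] }
  ' | LC_ALL=C sort
}

# Prints "client request" for records whose request line is malformed.
malformed_requests() {
  awk -F'"' '
    $2 !~ /^[A-Z]+ [^ ]+ HTTP\/[0-9.]+$/ { split($1, head, " "); print head[1], $2 }
  '
}

sample_log | error_counts
sample_log | malformed_requests
```

To run the functions on a live log, replace `sample_log |` with a redirect such as `error_counts < /var/log/nginx/access.log`.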

Use the tail command to watch the log file in real-time:

tail -f access.log

Conclusion

Log files provide you with useful information about server issues and how visitors interact with your website.

Nginx allows you to configure the access and error logs according to your needs.
