Normally, there's an ad running in this spot, but you're using an ad blocker. To help support our blog, which provides free tutorials for everybody, we just ask that you whitelist or follow us on facebook, twitter, or subscribe using the form to the leftabove. Thank you!

    NGiNX Logging

    Our first foray into logging dealt with tailing our server's syslogs when we secured an Ubuntu instance. We've since revisited that topic in this article about basic log rotation. Now, we'll be touching specifically on Nginx logs.

    System requirements

    • A 32-bit or 64-bit computer with at least 8GB of RAM. 16GB or more is recommended.
    • At least 50GB of free disk space.

    Prerequisites

    1. Spin up a virtual machine, or a physical or cloud-based server.
    2. Install NGiNX

    Setting Up NGiNX Severity Levels

    Now that we've set up our Nginx server, we'll want to configure error logging in our Nginx configuration file, located at /etc/nginx/nginx.conf/usr/local/etc/nginx/nginx.conf. We'll be modifying this file so be sure to make a copy before making any changes to it.

    Look for the following directives in the http block of your configuration file, which tell Nginx where to store its logs.

    error_log /var/log/nginx/error.log warn;
    

    Notice that we've set our error_log level to warn, which will log severity levels of warn, error, crit, alert, and emerg.

    Level Description
    emergEmergency situations where the system is unusable. Action must be taken immediately.
    alertSevere situation where action is promptly needed.
    critUsed when critical events cause more severe problems or brief outages.
    errorAn Error has occurred. A process was unsuccessful.
    warnSomething out of the ordinary happened, but the system is still usable.
    noticeA normal event, but worth making a note of.
    infoAn informational message.
    debugDebug messages that can lead to a solution to a particular error.

    I find that warn provides the ideal amount of logging, with other options giving either too much or too little information. To log the maximum amount of messages, set the level to debug.

    Note: About debug mode.

    If you set the log level to debug, make sure to revert it back to warn, especially on a high traffic site.

    Nginx Logs for Specific Paths

    Set up your server block like so to set domain or path-specific logging:

    server {
        server_name example.com
        # domain-specific logging
        error_log    /var/logs/nginx/example.com.error.log;
        location /admin/ { 
            # location-specific
        }         
    }
    

    Logging Errors from Specific IPs

    Just add the following line to the events block in your /etc/nginx/nginx.conf/usr/local/etc/nginx/nginx.conf file and replace 1.1.1.1 with the IP address you want to target.

    events {
        debug_connection 1.1.1.1;
    }
    

    Formatting Access Logs

    Nginx's access log is located at the path specified in your /etc/nginx/nginx.conf/usr/local/etc/nginx/nginx.conf file. You're allowed to override the default settings in your nginx configuration file's http block using the log_format directive. Notice how we create the log format first, and then link the access_log directive, accordingly.

    http {
        log_format compression '$remote_addr - $remote_user [$time_local] '
                               '"$request" $status $body_bytes_sent '
                               '"$http_referer" "$http_user_agent" "$gzip_ratio"';
    
        server {
            gzip on;
            access_log /var/log/nginx/nginx-access.log compression;
            ...
        }
    }
    

    The above example extends the standard combined format with gzip compression.

    Conditional Logging

    You can also configure Nginx to exclude certain logs based on certain conditions. In the following example, we're excluding requests with 2xx and 3xx response codes.

    map $status $loggable {
        ~^[23]  0;
        default 1;
    }
    
    access_log /var/log/nginx/access.log combined if=$loggable;
    

    Logging to Syslog

    Sometimes its easier to consolidate your Nginx logs into the syslog, which standardizes log formatting to make it easier to collect and parse log messages to a single syslog server. The following example specifies the server location, facility or type of program logging the message, tag and severity. Other options for facility include auth, authpriv, daemon, cron, frp, lpr, kern, mail, news, syslog, user, uucp, and local0 through local7, with the default being local7.

    error_log server=unix:/var/log/nginx.sock debug;
    access_log syslog:server=[1.1.1.1]:1234,facility=local7,tag=nginx,severity=info;
    

    Manual Log Rotation

    Add the following lines to a bash script and execute, as needed.

    # moves the current log to a new file for archiving
    # increase the .# suffix the older the file is so .0 .1 .2
    # ...with .0 always being the most recent
    mv /path/to/access.log /path/to/access.log.0
    
    # sends a signal to nginx, telling it to reload its log files
    kill -USR1 `cat /var/run/nginx.pid`
    
    # gives the process time to complete
    sleep 1
    
    # add any post-process commands below
    

    Log Rotation with Logrotate

    Nginx on Ubuntu comes packaged with a custom logrotate script. It's located at this article for a logrotate 101.

    That concludes this article. Make sure to read about the log module here, if you'd like to learn more.

    Did you like this tutorial? Help us pay for server costs by following us on Facebook, Twitter, and subscribing below, where you'll get post notifications, training webinar invites, and free bundles.