Nginx

How do I view Nginx logs?

Logs are very important in a system to monitor the activities of an application as they provide you with useful debugging information and enable you to analyze all aspects of a web server. Like the other software applications, Nginx also maintains events like your web site visitors, encountered problems, and more to log files. The useful recorded information is used to take preemptive measures in order to deal with major serious discrepancies in the log events.

In this article, we will elaborate on how to configure and view Nginx Logs in Ubuntu 20.04 system to monitor the application activities.

There are two types of logs where recorded events in Nginx one is the access log, and the other is the error log. If you have already enabled these logs in the Nginx core configuration file then, you can find both types of logs in /var/log/nginx in all Linux distributions.

Nginx Access log

All activities related to site visitors are recorded in the access logs. In this type of log, you can find those files which are recently accessed, how the Nginx responded to a client request, client IP addresses, what browser a client is using, and more. By using the information of the access log, you can monitor the traffic to find site usage over time. If you monitor the access logs properly, then you can easily find some unusual requests which are sent by a user to check the flaws in the deployed application.

Enable the Nginx Access log

The access log you can enable with the access_log directive either in the server section or in HTTP.

The first argument, ‘log_file’ is compulsory, whereas the second argument is optional, ‘log_format’. If you do not mention log format, then logs will be typed in the default combined format.

The access log is defined by default in the Nginx configuration file. So, all virtual host’s access logs will be stored in the same configuration file.

http {
      ...
      access_log  /var/log/nginx/access.log;
      ...
}

It is recommended to set apart the access logs of all virtual hosts by recording into a new separate file.

http {
      ...
      ...
      access_log  /var/log/nginx/access.log;
   
         server {
                  listen 80;
                  Server_name example.com
                  access_log  /var/log/nginx/example.access.log;
                  ...
                  ...
                }
}

Reload the new NGINX configurations. Now, you can visit the access logs for the example.com domain in the file /var/log/nginx/example.access.log, by using the following command:

$ sudo tail -f /var/log/nginx/example.access.log

Customize format in the Access log

Let’s explain an example to define a custom access log format. By default, the access log is recorded in a combined log format. Therefore, you can extend the predefined format with the value of gzip response for compression ratio.

http {
            log_format custom '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

            server {
                    gzip on;
                    ...
                    access_log /var/log/nginx/example.access.log custom;
                    ...
            }
}

Once you have made all changes in the configuration of Nginx, reload the Nginx and then run the tail command to display the gzip ratio at the end of the event log.

$ sudo tail -f /var/log/nginx/example.access.log

NGINX error log

If NGINX is suddenly stopped running or not working properly, it will record all events in the error log. Therefore, using the error logs, you can find more details. It also records warnings, but it cannot identify a problem that has occurred.

Enable error log

The following syntax of error_log directive:

error_log log_file log_level;

In the above syntax, the first argument represents the log file path, and the second argument identifies the security level of the log event.

We have mentioned an example below in which performing overriding in error_log directive in the server context.

http {
       ...
       ...
       error_log  /var/log/nginx/error_log;
       server {
                listen 80;
                server_name example1.com;
                    error_log  /var/log/nginx/example1.error_log  warn;
                        ...
       }
       server {
                listen 80;
                server_name example2.com;
                    error_log  /var/log/nginx/example2.error_log  debug;
                        ...
   }
}l

When you are required to disable the error log, assign the name of the log file to /dev/null.

error_log /dev/null;

Nginx Security Level of Error log

The following security level you can use in the error log:

  1. emerg: When your system is unstable, used for emergency messages
  2. alert: Generate alert messages of serious problems.
  3. crit: Used for Critical issues for immediately dealing.
  4. error: While processing a page, an error may occur.
  5. warn: Used for a warning message
  6. notice: Notice log that you can also ignore.
  7. info: For information, messages
  8. debug: Points the error location used for debugging information.

Conclusion

Nginx access and error logs are useful for recording certain activities. We have learned how we can enable and view these types of Nginx logs on our Linux system. That’s all about the Nginx logs.

About the author

Karim Buzdar

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.