Nginx Logs Ubuntu

Nginx Logs Ubuntu

Nginx is a popular open-source web server that is known for its high performance, stability, and low resource usage. It is often used to host websites and web applications, and is a popular choice for hosting on Ubuntu servers.

Access and analyze log files

One important aspect of managing an Nginx server is the ability to access and analyze log files. These logs contain information about server activity, including requests made to the server, errors that have occurred, and other relevant data. By analyzing these logs, you can troubleshoot issues, monitor performance, and improve the security of your server.

In Ubuntu, Nginx logs are stored in the /var/log/nginx directory by default. There are two main log files that you will typically need to access: the access.log file and the error.log file.

The access.log file contains information about all requests made to the Nginx server. Each line in the file represents a single request, and includes details such as the IP address of the client, the time of the request, the status code returned by the server, and the size of the response. Here is an example of a line from an access.log file: - - [10/Oct/2020:13:37:21 -0700] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"

The error.log file contains information about errors that have occurred on the Nginx server. This can include things like failed requests, issues with configuration files, and other problems. Each line in the file includes details about the error, such as the time it occurred and a description of the issue. Here is an example of a line from an error.log file:

2020/10/10 13:37:22 [error] 26596#0: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client:, server:, request: "GET /favicon.ico HTTP/1.1", host: ""

To view the contents of these log files, you can use a command-line tool such as cat, less, or tail. For example, to view the last 10 lines of the access.log file, you can use the following command:

tail -n 10 /var/log/nginx/access.log

To search for specific information in the log files, you can use the grep command. For example, to search for all requests from a particular IP address, you can use a command like this:

grep /var/log/nginx/access.log

Custom log formats and log locations

In addition to the built-in log files, Nginx also allows you to define your own custom log formats and log locations. This can be useful if you want to store logs in a different location, or if you want to include additional information in the logs.

To define a custom log format, you can use the log_format directive in the nginx.conf file. This directive specifies the format of the log data and assigns it a name, which you can then use in the access_log directive to specify which format to use. Here is an example of a custom log format definition:

log_format custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';

This log format includes the following variables:

  • $remote_addr: the IP address of the client

  • $remote_user: the user name provided by the client (if any)

  • $time_local: the local time when the request was received

  • $request: the request line from the client

  • $status: the status code returned to the client

  • $bodybytessent: the size of the response in bytes

  • $http_referer: the referer field from the client's request

  • $httpuseragent: the user agent field from the client's request

Once you have defined your custom log format, you can use it in the access_log directive to specify the location and format of the log file. Here is an example of how to use the custom log format defined above:

access_log /var/log/nginx/custom.log custom;

You can also use variables in the access_log directive to specify a dynamic log file name. For example, to create a separate log file for each day, you can use the $time_local variable like this:

access_log /var/log/nginx/access-$time_local.log custom;

Logging to external systems

In addition to the built-in log files and custom log formats, Nginx also supports logging to external systems such as syslog, Elasticsearch, and third-party log management services. This can be useful if you want to centralize your log data or if you want to use specialized tools for analyzing and visualizing your logs.

To enable logging to an external system, you can use the error_log and access_log directives with a special syslog: prefix. For example, to log errors to syslog, you can use a directive like this:

error_log syslog:server=localhost,facility=local7,tag=nginx,severity=error;

To log access data to syslog, you can use a similar directive:

access_log syslog:server=localhost,facility=local7,tag=nginx combined;

In this example, the server parameter specifies the syslog server to log to, the facility parameter specifies the syslog facility to use, the tag parameter specifies a custom tag to include in the log message, and the severity parameter specifies the severity level of the log message.

Related articles

Ruslan Osipov
Written by author: Ruslan Osipov