1. Home
  2. Logs
  3. Web Servers
  4. A Guide to NGINX Access and Error Logs

A Guide to NGINX Access and Error Logs

NGINX is among the most widely used web servers today, powering nearly 35% of all websites according to recent statistics by W3Techs. Given its popularity, it’s essential to understand how NGINX handles logging, as logs are critical for monitoring server performance, identifying issues, and enhancing security.

NGINX maintains two main types of logs:

  1. Access Logs – Capture details of all incoming requests.
  2. Error Logs – Record server-side errors and issues.

This guide will walk you through the structure, configuration, and practical use cases of both log types.

Log & Configuration File Locations

Before diving into specific log formats and usage, it’s helpful to know where NGINX stores its logs and configuration files:

DescriptionLocation
Log Files/var/log/nginx/
Configuration File/etc/nginx/nginx.conf

Understanding NGINX Access Logs

What Are Access Logs?

Access logs record all incoming HTTP requests made to your server. They provide valuable insights into:

  • Visitor behavior (e.g., pages viewed, resources requested)
  • Client details (e.g., IP addresses, user agents)
  • Traffic sources and referral URLs

Access logs are essential for traffic analysis, debugging, and detecting potential security threats.

Configuring Access Logs

By default, NGINX uses a standard format defined in the main configuration file (nginx.conf) using the access_log directive:

http {
    access_log /var/log/nginx/access.log;
}

Customizing the Access Log Format

The default log format (combined) records the following information:

log_format combined '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent"';

To tailor logs to your needs, you can create a custom format. For example, to include X-Forwarded-For (often used with proxies), use:

log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

Then, update your configuration:

http {
    access_log /var/log/nginx/access.log custom;
}

Sample Access Log Entry

A typical access log entry looks like this:

192.168.33.1 - - [15/Oct/2019:19:41:46 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64)"

Here’s a breakdown of its components:

FieldExampleDescription
$remote_addr192.168.33.1Client IP address
$remote_userAuthenticated user (if any)
$time_local[15/Oct/2019:19:41:46 +0000]Server time
$requestGET / HTTP/1.1HTTP method, path, and protocol
$status200HTTP response status code
$body_bytes_sent396Size of response body in bytes
$http_refererReferrer URL
$http_user_agentMozilla/5.0 …Client’s user agent string

Understanding NGINX Error Logs

What Are Error Logs?

Error logs capture all issues that NGINX encounters, such as configuration errors, server crashes, or runtime failures. These logs are crucial for troubleshooting and improving server stability.

Configuring Error Logs

The error_log directive in the nginx.conf file defines where error logs are stored and their level of detail:

http {
    error_log /var/log/nginx/error.log warn;
}

Error Log Levels

NGINX supports 8 levels of severity:

LevelDescription
emergCritical system issues requiring immediate attention
alertAlerts requiring urgent intervention
critCritical conditions that need immediate fixing
errorGeneral server errors
warnWarnings that may indicate potential issues
noticeNormal but significant conditions
infoInformational messages
debugDetailed debug information

Sample Error Log Entry

An example of an error log entry:

2022/05/14 19:55:51 [error] 6689#6689: *16764375 FastCGI sent in stderr: "PHP Warning: Division by zero in /var/www/html/my.php on line 438"

Common Error Types

Some typical NGINX error messages include:

ErrorDescription
FastCGI sent in stderrErrors from FastCGI processes (often related to PHP applications)
PHP message: PHP WarningIssues related to PHP scripts
SSL_do_handshake() failedSSL handshake failure (can occur frequently on busy servers)

Configuring Logs by Domain

In cases where your NGINX server hosts multiple domains, it’s often useful to separate logs per domain. This can be achieved using the server block in your configuration:

http {
    server {
        listen 80;
        server_name domain1.com;
        access_log /var/log/nginx/domain1.access.log;
        error_log /var/log/nginx/domain1.error_log warn;
    }
    server {
        listen 80;
        server_name domain2.com;
        access_log /var/log/nginx/domain2.access.log;
        error_log /var/log/nginx/domain2.error_log debug;
    }
}

In this example:

  • domain1.com logs warnings.
  • domain2.com logs debug information for more detailed analysis.

Understanding and leveraging NGINX logs is vital for maintaining your server’s performance, diagnosing issues, and ensuring security. By customizing log formats and configuring logs per domain, you can gain deeper insights into your server’s activity and optimize its performance.

Use this guide to enhance your NGINX logging configuration and improve your server management skills.

Updated on November 14, 2024
Was this article helpful?

Related Articles