NGINX is among the most widely used web servers today, powering nearly 35% of all websites according to recent statistics by W3Techs. Given its popularity, it’s essential to understand how NGINX handles logging, as logs are critical for monitoring server performance, identifying issues, and enhancing security.
NGINX maintains two main types of logs:
- Access Logs – Capture details of all incoming requests.
- Error Logs – Record server-side errors and issues.
This guide will walk you through the structure, configuration, and practical use cases of both log types.
Log & Configuration File Locations
Before diving into specific log formats and usage, it’s helpful to know where NGINX stores its logs and configuration files:
Description | Location |
---|---|
Log Files | /var/log/nginx/ |
Configuration File | /etc/nginx/nginx.conf |
Understanding NGINX Access Logs
What Are Access Logs?
Access logs record all incoming HTTP requests made to your server. They provide valuable insights into:
- Visitor behavior (e.g., pages viewed, resources requested)
- Client details (e.g., IP addresses, user agents)
- Traffic sources and referral URLs
Access logs are essential for traffic analysis, debugging, and detecting potential security threats.
Configuring Access Logs
By default, NGINX uses a standard format defined in the main configuration file (nginx.conf
) using the access_log
directive:
http {
access_log /var/log/nginx/access.log;
}
Customizing the Access Log Format
The default log format (combined
) records the following information:
log_format combined '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
To tailor logs to your needs, you can create a custom format. For example, to include X-Forwarded-For
(often used with proxies), use:
log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
Then, update your configuration:
http {
access_log /var/log/nginx/access.log custom;
}
Sample Access Log Entry
A typical access log entry looks like this:
192.168.33.1 - - [15/Oct/2019:19:41:46 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64)"
Here’s a breakdown of its components:
Field | Example | Description |
---|---|---|
$remote_addr | 192.168.33.1 | Client IP address |
$remote_user | – | Authenticated user (if any) |
$time_local | [15/Oct/2019:19:41:46 +0000] | Server time |
$request | GET / HTTP/1.1 | HTTP method, path, and protocol |
$status | 200 | HTTP response status code |
$body_bytes_sent | 396 | Size of response body in bytes |
$http_referer | – | Referrer URL |
$http_user_agent | Mozilla/5.0 … | Client’s user agent string |
Understanding NGINX Error Logs
What Are Error Logs?
Error logs capture all issues that NGINX encounters, such as configuration errors, server crashes, or runtime failures. These logs are crucial for troubleshooting and improving server stability.
Configuring Error Logs
The error_log
directive in the nginx.conf
file defines where error logs are stored and their level of detail:
http {
error_log /var/log/nginx/error.log warn;
}
Error Log Levels
NGINX supports 8 levels of severity:
Level | Description |
---|---|
emerg | Critical system issues requiring immediate attention |
alert | Alerts requiring urgent intervention |
crit | Critical conditions that need immediate fixing |
error | General server errors |
warn | Warnings that may indicate potential issues |
notice | Normal but significant conditions |
info | Informational messages |
debug | Detailed debug information |
Sample Error Log Entry
An example of an error log entry:
2022/05/14 19:55:51 [error] 6689#6689: *16764375 FastCGI sent in stderr: "PHP Warning: Division by zero in /var/www/html/my.php on line 438"
Common Error Types
Some typical NGINX error messages include:
Error | Description |
---|---|
FastCGI sent in stderr | Errors from FastCGI processes (often related to PHP applications) |
PHP message: PHP Warning | Issues related to PHP scripts |
SSL_do_handshake() failed | SSL handshake failure (can occur frequently on busy servers) |
Configuring Logs by Domain
In cases where your NGINX server hosts multiple domains, it’s often useful to separate logs per domain. This can be achieved using the server block in your configuration:
http {
server {
listen 80;
server_name domain1.com;
access_log /var/log/nginx/domain1.access.log;
error_log /var/log/nginx/domain1.error_log warn;
}
server {
listen 80;
server_name domain2.com;
access_log /var/log/nginx/domain2.access.log;
error_log /var/log/nginx/domain2.error_log debug;
}
}
In this example:
- domain1.com logs warnings.
- domain2.com logs debug information for more detailed analysis.
Understanding and leveraging NGINX logs is vital for maintaining your server’s performance, diagnosing issues, and ensuring security. By customizing log formats and configuring logs per domain, you can gain deeper insights into your server’s activity and optimize its performance.
Use this guide to enhance your NGINX logging configuration and improve your server management skills.