Mastering Nginx Logging: Types, Uses, and Configuration Guide

1. Types of Nginx Logs

nginx can record three main logs: access, error, and rewrite. The access and error logs are provided by the ngx_http_log_module, while the rewrite log is provided by ngx_http_rewrite_module. Both modules are enabled by default.

2. Purpose of Nginx Logs

Access log : records the request processing details such as request type, time, client info, result, and duration, using the log_format directive to specify variables.

Error log : records nginx process start, stop, restart, and any errors that occur while handling requests.

Rewrite log : records the operation of rewrite rules, useful for debugging.

3. Configuring Nginx Logs

Access log : By default it is written to /usr/local/nginx/logs/access.log. It can be configured at http, server, location, if in location, and limit_except levels. Example directives:

access_log path [format [buffer=size [flush=time]]];
access_log path format gzip[=level] [buffer=size] [flush=time];
access_log syslog:server=address[,parameter=value] [format];
access_log off;

Explanation of parameters: path: file path, must be writable by the nginx worker. format: name of a log_format template. buffer: size of the memory buffer for logs. gzip: compress logs on disk; level sets compression intensity. flush: maximum time logs stay in the buffer. syslog: send logs to a syslog server, e.g.

access_log syslog:server=127.0.0.1,facility=local7,tag=nginx,severity=info;

off

: disables access logging.

Access log format : Defined with the log_format directive at the http level. The default is combined. Example: log_format name string ...; If access_log off; is not set, nginx uses the default combined format.

The following variables can be used in a log_format definition: $remote_addr: client IP address $http_x_forwarded_for: real client IP when behind load balancer or proxy $remote_user: authenticated client username $request: request line (method, URI, protocol) $status: response status code $body_bytes_sent: number of bytes sent to client, excluding headers $bytes_sent: total bytes sent to client $connection: connection serial number $msec: time the log entry is written, in seconds with millisecond precision $pipe: “p” if request was pipelined, otherwise “.” $http_referer: referring page URL $http_user_agent: client browser information $request_length: length of the request including headers and body $request_time: time taken to process the request, in seconds with millisecond precision $time_iso8601: local time in ISO 8601 format $time_local: local time in the common log format

Additional Log‑Related Directives

open_log_file_cache : caches opened log files to avoid opening/closing on each write. Syntax:

open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time];

Default is off. Example:

open_log_file_cache max=1000 inactive=20s valid=1m min_uses=2;

log_not_found : controls whether “not found” errors are written to error_log. Default on. Syntax: log_not_found on|off; log_subrequest : decides if sub‑requests are logged in access_log. Default off. Syntax: log_subrequest on|off; rewrite_log : enables logging of rewrite rule processing to error_log. Default off. Syntax: rewrite_log on|off; error_log : sets the error log file and severity level. Can be placed in main, http, server, or location contexts. Example:

error_log file|stderr|syslog:server=address[,parameter=value] [debug|info|notice|warn|error|crit|alert|emerg];

Default:

error_log logs/error.log error;