Nginx: Custom access log format and error levels

Nginx is a powerful application-level proxy server. Whether for troubleshooting or analysis, raising the error log level and defining a custom format for the access log are common requirements.

Error Logs

By default, only messages at the error level or more severe are logged. To log more detail, set a level on the error_log directive in nginx.conf:

error_log file [level]

Enabling debug level on Linux would usually look like this (debug messages are only produced if the nginx binary was built with --with-debug):

error_log /var/log/nginx/error.log debug;

Access Logs

Access logs and their format are also customized in nginx.conf.  By default, if no format is specified then the combined format is used.

access_log file [format]

So the most common syntax on a Linux system looks like:

access_log /var/log/nginx/access.log;

This is equivalent to explicitly specifying the combined format, as below:

# note that the log_format directly below is a single line
log_format mycombined '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log mycombined;

Using the combined log format can be very convenient, since so many log analysis tools (e.g. ELK or Splunk) have pre-built filters for consuming these logs. However, it makes sense to deviate from the combined format when you need information it does not carry, such as which port the traffic arrived on when Nginx is listening on multiple ports.

For example, if you wanted to add the arriving traffic port, then you would use the $server_port variable and your nginx.conf would look like:

log_format mycombinedplus '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $server_port';
access_log /var/log/nginx/access.log mycombinedplus;

Other available variables are listed in the Nginx documentation.
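Because mycombinedplus is no longer the stock combined format, pre-built filters will not pick up the trailing port, so here is a small parser for it (an added example, not part of the original post). It assumes nginx's default log escaping, where a double quote or backslash inside a variable is written as \x22 or \x5C; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# mycombinedplus = combined + trailing $server_port. Assumes nginx's default
# escaping, so a quoted field never contains a literal '"' (logged as \x22).
LINE_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" (?P<server_port>\d+)'
)
ESCAPE_RE = re.compile(rb'\\x([0-9A-Fa-f]{2})')

def unescape(value):
    """Turn nginx \\xHH escapes back into the bytes the client sent."""
    raw = ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), value.encode())
    return raw.decode('utf-8', errors='replace')

def parse_line(line):
    """Return a dict of fields, or None if the line is not mycombinedplus."""
    m = LINE_RE.fullmatch(line.rstrip('\n'))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ('request', 'http_referer', 'http_user_agent'):
        rec[key] = unescape(rec[key])  # client-controlled fields
    for key in ('status', 'body_bytes_sent', 'server_port'):
        rec[key] = int(rec[key])
    return rec

def hits_by_port(lines):
    """Count requests per listening port; also return lines that did not parse."""
    counts, rejected = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            counts[rec['server_port']] += 1
    return counts, rejected

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0" 80',
    '203.0.113.7 - alice [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 153 "-" "x\\x22 200 0 \\x22-\\x22" 8443',
    '192.0.2.10 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
]

if __name__ == '__main__':
    print(hits_by_port(SAMPLE))
```

The second sample line carries quote characters in the User-Agent; because nginx logs them as \x22, the status and port fields still parse as 403 and 8443. The third line is in plain combined format and is returned as rejected rather than silently miscounted.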


