Introduction to Nginx log management
- 2020-05-15 03:37:31
- OfStack
Nginx log description
Through the access log, you can get the user's geographical source, jump source, user terminal, a certain URL page view and other relevant information. With error logging, you can get information about a service on your system or performance bottlenecks on server. Therefore, put your journal to good use and you can get a lot of valuable information.
Detail list of parameters:
| $remote_addr | 客户端的ip地址(代理服务器,显示代理服务ip) |
| $remote_user | 用于记录远程客户端的用户名称(1般为“-”) |
| $time_local | 用于记录访问时间和时区 |
| $request | 用于记录请求的url以及请求方法 |
| $status | 响应状态码,例如:200成功、404页面找不到等。 |
| $body_bytes_sent | 给客户端发送的文件主体内容字节数 |
| $http_user_agent | 用户所使用的代理(1般为浏览器) |
| $http_x_forwarded_for | 可以记录客户端IP,通过代理服务器来记录客户端的ip地址 |
| $http_referer | 可以记录用户是从哪个链接访问过来的 |
Nginx log separation
nginx's log files do not have rotate functionality. Write to generate 1 log per day, we can write 1 nginx log cutting script to automatically cut log files.
The first step is to rename the log file without worrying that nginx will lose the log if it cannot find the log file after the rename. nginx will still log to the file you renamed until you reopen the log file with the original name. Linux USES file descriptors instead of file names to locate files.
Step 2 sends an USR1 signal to the nginx main process. Upon receiving the signal, the nginx main process reads the log file name from the configuration file, re-opens the log file (named after the log name in the configuration file), and takes the user of the worker process as the owner of the log file. When the log file is reopened, the nginx main process closes the log file with the same name and notifies the worker process to use the newly opened log file. The worker process immediately opens the new log file and closes the log file with the same name. Then you can work with the old log files. Or restart the nginx service.
Nginx log format
Open nginx. conf configuration file: vim usr/local nginx/conf/nginx conf
Looking at the nginx.conf file for Nginx, you can see a message like this
#access_log logs/access.log main;
This shows the server access log files is logs/host access. log, using the format of "main" format.
The log is generated into the Nginx root logs/ access.log file, which USES the "main" log format by default, or you can customize the format.
main format
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# Parameter interpretation
$remote_addr The client IP Address;
$remote_user Client user name;
$time_local Time and time zone of visit;
$request The type of access request, POST or GET ;
$status Record the request status, 404 , 304 , 200 And so on;
$body_bytes_sent The size of the main content of the file sent by the client to the server;
$http_referer Access source - from which link;
$http_user_agent User agent information, 1 Browser tags, sometimes crawler tags.
$http_x_forwarded_for Access the server directly IP Address, probably the client IP It could be a proxy server IP
# application main Log instance of the format
47.97.66.214 - - [05/May/2018:02:18:26 +0800] "GET /solr/ HTTP/1.1" 404 571 "http://44.186.245.237/solr/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, li Gecko) Chrome/59.0.3071.115 Safari/537.36"
47.97.66.214 - - [05/May/2018:02:18:26 +0800] "GET /wcm/ HTTP/1.1" 404 571 "http://44.186.245.237/wcm/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, li Gecko) Chrome/59.0.3071.115 Safari/537.36"
80.82.78.50 - - [05/May/2018:03:53:56 +0800] "GET http://www.baidu.com/ HTTP/1.1" 404 169 "-" "Mozilla"
112.193.171.197 - - [05/May/2018:06:52:06 +0800] "GET http://www.rfa.org/ HTTP/1.1" 200 462 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-693.11.1.el7.x86_64"
In addition to the main format, you can customize other formats by simply recombining the above parameters.
The default log of nginx is stored in logs/ access.log, but it is also allowed to make different log for different server, just add the following statement under the corresponding server
access_log logs/access_8080.log mylog;
# The statement 1 a log #log Store the directory and name #log format ( Can be customized )After modifying nginx.conf, you need to restart Nginx for the configuration to take effect
conclusion