Nginx logs

Last Updated: Jul 25, 2017

The Nginx log format and directory are specified in the /etc/nginx/nginx.conf configuration file.

Log format

  1. log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  2. '$request_time $request_length '
  3. '$status $body_bytes_sent "$http_referer" '
  4. '"$http_user_agent"';

Above, the main log format is defined.

The following statement defines how to use the main log format and defines the name of the file where to write the log data.

  1. access_log /var/logs/nginx/access.log main

Sample log:

  1. - - [10/Jul/2015:15:51:09 +0800] "GET /ubuntu.iso HTTP/1.0" 0.000 129 404 168 "-" "Wget/1.11.4 Red Hat modified"

Nginx log format details:

Field Explanation
remoteaddr The IP address of the agent.
remote_user The username of the agent.
request The requested URL and HTTP protocol.
status The request status.
bodybytessent The number of bytes (not including the size of the response header) sent to the agent. This variable is used with bytes_sent in modlogconfig of the Apache module.
connection The connection serial number.
connection_requests The number of requests received over a connection.
msec The log write time, measured in seconds and precise to milliseconds.
pipe Whether requests are sent via the HTTP pipeline. p indicates requests are sent via the HTTP pipeline. . indicates requests are not sent via the HTTP pipeline.
httpreferer The webpage link from which access is directed.
“http_user_agent” Information about the agent’s browser. http_user_agent must be enclosed by double quotation marks.
requestlength The length of a request, including the request line, request header, and request body.
request_time The request processing time, which is measured in seconds and precise to milliseconds. The time starts when the first byte is sent to the agent and ends when the logs are written after the last character is sent to the agent.
[$time_local] The local time when the general log format is applied. This variable must be enclosed in brackets.

Nginx log collection by Log Service

For details about the standard process, refer to Quick start. Manually adjust the regular expression after it is automatically generated.


After the regular expression generator extracts all the fields, set the name of each field and adjust the regular expression for general applicability. Click Manual Input Regular Expression to adjust as follows.


The request_length and body_bytes_sent fields are numeric, but can be filled in with a hyphen. In this case, replace the matched result (\d+) with (\S+). If other fields do not belong to the defined type, make similar replacements.

After replacing, click Validate. If the regular expression is correct, extracted results are displayed. Adjsut the regular expression if it is incorrect.


Regular Expression for this case:

  1. (\S+)\s-\s-\s\[(\S+)\s[^\]]+\]\s"(\S+)\s(\S+)\s(\S+)"\s(\S+)\s(\S+)\s(\S+)\s(\S+)\s"([^"]+)"\s"([^"]+)"
Thank you! We've received your feedback.