Bird
Raised Fist0
Nginxdevops~10 mins

Access log configuration in Nginx - Step-by-Step Execution

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Process Flow - Access log configuration
Start nginx config
Define access_log directive
Specify log file path
Specify log format (optional)
Reload nginx to apply
Access log records requests
Log file updated with request info
This flow shows how nginx reads the access_log directive, applies the settings, and writes request info to the log file.
Execution Sample
Nginx
access_log /var/log/nginx/access.log combined;

# Reload nginx
sudo nginx -s reload
Configures nginx to log requests to /var/log/nginx/access.log using the 'combined' format, then reloads nginx to apply.
Process Table
StepActionConfiguration LineEffectLog File State
1Read config fileaccess_log /var/log/nginx/access.log combined;Sets log path and formatNo log entries yet
2Reload nginxsudo nginx -s reloadApplies new configNo log entries yet
3Receive HTTP requestN/ARequest processedNo log entries yet
4Write log entryN/ALog request detailsOne new entry added
5Receive another requestN/ARequest processedTwo entries in log file
6StopN/ANo more requestsLog file contains all request entries
💡 No more requests to log, nginx continues running
Status Tracker
VariableStartAfter Step 4After Step 5Final
access_log_pathundefined/var/log/nginx/access.log/var/log/nginx/access.log/var/log/nginx/access.log
log_entries_count0122
Key Moments - 2 Insights
Why doesn't the log file have entries immediately after reloading nginx?
Because nginx writes to the log file only when it processes HTTP requests, as shown in steps 3 and 4 of the execution_table.
What happens if the log file path is incorrect or not writable?
Nginx will fail to write log entries, so the log file won't update. This is why specifying a correct path and permissions is important before reloading nginx.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, at which step does nginx first write a log entry?
AStep 2
BStep 3
CStep 4
DStep 5
💡 Hint
Check the 'Effect' and 'Log File State' columns in execution_table rows.
According to variable_tracker, how many log entries are there after step 5?
A2
B1
C0
D3
💡 Hint
Look at the 'log_entries_count' row after Step 5.
If the access_log directive is removed and nginx is reloaded, what happens to logging?
ALogging continues as before
BLogging stops, no new entries are written
CNginx fails to reload
DLog file is deleted
💡 Hint
Think about what the access_log directive controls as shown in the concept_flow.
Concept Snapshot
access_log /path/to/logfile format;
- Defines where nginx writes request logs
- 'combined' is a common log format
- Must reload nginx to apply changes
- Logs update only when requests arrive
- Ensure log file path is writable
Full Transcript
This visual execution shows how nginx processes the access_log configuration. First, nginx reads the access_log directive specifying the log file path and format. Then, after reloading nginx, the new settings take effect. When nginx receives HTTP requests, it writes details to the specified log file. The log file starts empty and gains entries as requests come in. Variables tracked include the log file path and the count of log entries. Key points include understanding that logs only appear after requests and that the log file path must be valid and writable. The quizzes test understanding of when logs are written and the effect of configuration changes.

Practice

(1/5)
1. What is the main purpose of the access_log directive in nginx?
easy
A. To record details of every request made to the server
B. To block unwanted IP addresses
C. To restart the nginx service
D. To configure server SSL certificates

Solution

  1. Step 1: Understand the role of access logs

    Access logs keep track of every request made to the server, helping monitor traffic and troubleshoot issues.

  2. Step 2: Identify the function of access_log

    The access_log directive in nginx specifies where and how these request details are recorded.

  3. Final Answer:

    To record details of every request made to the server -> Option A

  4. Quick Check:

    Access logs = record requests [OK]
Hint: Access logs always record requests, not block or restart [OK]
Common Mistakes:
  • Confusing access_log with security or restart commands
  • Thinking access_log blocks IPs
  • Assuming access_log manages SSL
2. Which of the following is the correct syntax to enable access logging to a file named /var/log/nginx/access.log with the default format?
easy
A. access_log /var/log/nginx/access.log off;
B. access_log /var/log/nginx/access.log default;
C. access_log /var/log/nginx/access.log main;
D. access_log /var/log/nginx/access.log;

Solution

  1. Step 1: Recall default access_log syntax

    The access_log directive requires the log file path and optionally a format. If no format is given, the default is used.

  2. Step 2: Analyze each option

    access_log /var/log/nginx/access.log main; uses 'main' which is predefined but different from the default 'combined'; access_log /var/log/nginx/access.log default; uses 'default' which is not a valid format name; access_log /var/log/nginx/access.log; correctly specifies only the file path, using default format implicitly; access_log /var/log/nginx/access.log off; disables logging with 'off'.

  3. Final Answer:

    access_log /var/log/nginx/access.log; -> Option D

  4. Quick Check:

    Default format = omit format name [OK]
Hint: Omit format name to use default logging [OK]
Common Mistakes:
  • Using invalid format names like 'default'
  • Adding 'off' disables logging
  • Using 'main' which is not the default format
3. Given this nginx config snippet:
access_log /var/log/nginx/access.log custom_format;
log_format custom_format '$remote_addr - $remote_user [$time_local] "$request" $status';

What will be logged for a request from IP 192.168.1.10 with user 'john' requesting GET /home and status 200?
medium
A. john - 192.168.1.10 [time] "GET /home" 200
B. 192.168.1.10 - john [time] "GET /home" 200
C. 192.168.1.10 - - [time] "GET /home" 200
D. 192.168.1.10 john [time] GET /home 200

Solution

  1. Step 1: Understand the log_format string

    The format is: $remote_addr - $remote_user [$time_local] "$request" $status. This means IP, dash, username, time, request in quotes, and status code.

  2. Step 2: Substitute values from the request

    IP is 192.168.1.10, user is 'john', request is 'GET /home', status is 200. Time is shown as [time] placeholder.

  3. Final Answer:

    192.168.1.10 - john [time] "GET /home" 200 -> Option B

  4. Quick Check:

    Format matches IP - user [time] "request" status [OK]
Hint: Match variables exactly as in log_format string [OK]
Common Mistakes:
  • Mixing order of IP and user
  • Omitting dashes or quotes
  • Confusing $remote_user with $remote_addr
4. You configured access_log /var/log/nginx/access.log combined; but no logs appear. What is the most likely error?
medium
A. The 'combined' log format is not defined in nginx config
B. The log file path is incorrect
C. The access_log directive disables logging by default
D. Nginx does not support custom log formats

Solution

  1. Step 1: Understand the 'combined' format usage

    'combined' is a common log format but must be defined with log_format directive in nginx config before use.

  2. Step 2: Analyze why logs don't appear

    If 'combined' is not defined, nginx ignores the logging directive or fails silently, so no logs are written.

  3. Final Answer:

    The 'combined' log format is not defined in nginx config -> Option A

  4. Quick Check:

    Undefined format = no logs [OK]
Hint: Define custom formats before using them in access_log [OK]
Common Mistakes:
  • Assuming 'combined' is built-in by default
  • Ignoring file permission issues
  • Thinking access_log disables logging by default
5. You want to log only requests with status code 400 or higher to /var/log/nginx/error_access.log and all requests to the default access log. Which configuration snippet achieves this?
hard
A. access_log /var/log/nginx/access.log; access_log /var/log/nginx/error_access.log combined if=$status > 399;
B. access_log /var/log/nginx/access.log; access_log /var/log/nginx/error_access.log combined if=$status >= 400;
C. map $status $log_error { ~^[4-9] 1; default 0; } access_log /var/log/nginx/access.log; access_log /var/log/nginx/error_access.log combined if=$log_error;
D. access_log /var/log/nginx/access.log; access_log /var/log/nginx/error_access.log combined if=$status eq 400;

Solution

  1. Step 1: Understand conditional logging in nginx

    nginx supports conditional logging using the if= parameter with variables and expressions.

  2. Step 2: Use a map to create a variable for status >= 400

    Direct comparisons like '$status >= 400' are not supported in if=. Instead, a map is used to set a variable $log_error to 1 for status codes 400 and above.

  3. Step 3: Apply conditional logging using the variable

    Use if=$log_error in the access_log directive to log only those requests.

  4. Final Answer:

    map $status $log_error { ~^[4-9] 1; default 0; } access_log /var/log/nginx/access.log; access_log /var/log/nginx/error_access.log combined if=$log_error; -> Option C

  5. Quick Check:

    Conditional logging requires map + if= variable [OK]
Hint: Use map to create condition variable for logging [OK]
Common Mistakes:
  • Trying to use direct comparison in if= condition
  • Not defining a map for conditional logging
  • Expecting nginx to parse expressions in if= directly