Bird
Raised Fist0
Nginxdevops~5 mins

Log format customization in Nginx - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
Sometimes default logs do not show all the details you need. Customizing log format lets you choose exactly what information to record about each web request. This helps you understand traffic and troubleshoot issues better.
When you want to log the client IP, request time, and user agent in a specific order.
When you need to add extra details like request length or response status to your logs.
When you want to create logs that are easier to read or parse by other tools.
When you want to separate logs by format for different parts of your website.
When you want to reduce log size by excluding unnecessary information.
Config File - nginx.conf
nginx.conf
http {
    log_format custom_format '$remote_addr - $remote_user [$time_local] '
                             '"$request" $status $body_bytes_sent '
                             '"$http_referer" "$http_user_agent"';

    access_log /var/log/nginx/access.log custom_format;

    server {
        listen 80;
        server_name example.com;

        location / {
            root /usr/share/nginx/html;
            index index.html;
        }
    }
}

The log_format directive defines a new log format named custom_format. It specifies which variables to include and their order.

The access_log directive tells Nginx to use this custom format when writing logs to /var/log/nginx/access.log.

The server block defines a simple web server listening on port 80.

Commands
Check the Nginx configuration file for syntax errors before applying changes.
Terminal
sudo nginx -t
Expected OutputExpected
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload Nginx to apply the new log format without stopping the server.
Terminal
sudo systemctl reload nginx
Expected OutputExpected
No output (command runs silently)
View the last 3 lines of the access log to verify the new log format is in use.
Terminal
tail -n 3 /var/log/nginx/access.log
Expected OutputExpected
192.168.1.10 - - [27/Apr/2024:14:22:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" 192.168.1.11 - - [27/Apr/2024:14:22:15 +0000] "GET /style.css HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)" 192.168.1.12 - - [27/Apr/2024:14:22:20 +0000] "POST /submit HTTP/1.1" 404 512 "http://example.com/form" "Mozilla/5.0 (Linux; Android 10)"
Key Concept

If you remember nothing else from this pattern, remember: defining a custom log format lets you control exactly what details Nginx records about each request.

Common Mistakes
Forgetting to reload Nginx after changing the log format.
Nginx continues using the old log format until reloaded, so changes have no effect.
Always run 'sudo systemctl reload nginx' after editing the configuration.
Using incorrect variable names in the log_format directive.
Nginx will fail to start or ignore the log format if variables are invalid.
Use only valid Nginx variables like $remote_addr, $status, $http_user_agent.
Not testing the configuration syntax before reloading.
Syntax errors can cause Nginx to fail to reload, leading to downtime.
Always run 'sudo nginx -t' to verify configuration before reload.
Summary
Define a custom log format in the nginx.conf file using the log_format directive.
Apply the custom format to the access log with the access_log directive.
Test the configuration syntax with 'nginx -t' and reload Nginx to apply changes.
Check the access log to confirm the new format is being used.

Practice

(1/5)
1. What is the purpose of the log_format directive in nginx?
easy
A. To define a custom format for access logs
B. To specify the location of error logs
C. To enable SSL encryption for logs
D. To set the maximum size of log files

Solution

  1. Step 1: Understand the role of log_format

    The log_format directive lets you create a custom pattern for how nginx records access logs.

  2. Step 2: Differentiate from other logging directives

    Other directives like error_log set error log location, not format. log_format is specifically for access log formatting.

  3. Final Answer:

    To define a custom format for access logs -> Option A

  4. Quick Check:

    log_format = custom access log format [OK]
Hint: log_format sets how access logs look, not location [OK]
Common Mistakes:
  • Confusing log_format with error_log
  • Thinking log_format sets log file size
  • Assuming log_format enables encryption
2. Which of the following is the correct syntax to define a custom log format named myformat that logs the client IP and request URI?
easy
A. log_format myformat = '$remote_addr $request_uri';
B. log_format myformat '$remote_addr $request_uri';
C. log_format myformat { $remote_addr $request_uri };
D. log_format myformat: '$remote_addr $request_uri';

Solution

  1. Step 1: Recall correct log_format syntax

    The correct syntax uses log_format name 'format_string'; with single quotes around variables.

  2. Step 2: Identify correct option

    log_format myformat '$remote_addr $request_uri'; matches this syntax exactly. Other options use invalid braces, equals, or colons.

  3. Final Answer:

    log_format myformat '$remote_addr $request_uri'; -> Option B

  4. Quick Check:

    Correct syntax uses single quotes and semicolon [OK]
Hint: Use single quotes and semicolon for log_format [OK]
Common Mistakes:
  • Using braces {} instead of quotes
  • Adding equals sign = incorrectly
  • Using colon : after format name
3. Given this nginx configuration snippet:
log_format custom '$remote_addr - $remote_user [$time_local] "$request" $status';
access_log /var/log/nginx/access.log custom;

What will be the output format of each log entry?
medium
A. Status code - Client IP [time] "request" user
B. User - Client IP [time] "request" status code
C. Client IP - user [time] "request" status code
D. Request - Client IP [time] "user" status code

Solution

  1. Step 1: Analyze the log_format string

    The format is: $remote_addr - $remote_user [$time_local] "$request" $status. This means client IP, dash, user, time, request, and status code in order.

  2. Step 2: Match format to options

    Client IP - user [time] "request" status code correctly describes the order and content of the log entry.

  3. Final Answer:

    Client IP - user [time] "request" status code -> Option C

  4. Quick Check:

    Variables order matches Client IP - user [time] "request" status code [OK]
Hint: Match variables order exactly to format string [OK]
Common Mistakes:
  • Mixing order of variables
  • Confusing $remote_user with $remote_addr
  • Ignoring quotes around $request
4. You wrote this configuration:
log_format mylog $remote_addr - $request_uri

But nginx fails to start. What is the error?
medium
A. Missing semicolon at the end
B. Missing quotes around the log format string
C. Incorrect variable name $request_uri
D. log_format directive cannot be used in http block

Solution

  1. Step 1: Check syntax requirements for log_format

    The log_format directive must end with a semicolon (;).

  2. Step 2: Identify the error in given config

    The string lacks the terminating semicolon, causing a syntax error.

  3. Final Answer:

    Missing semicolon at the end -> Option A

  4. Quick Check:

    Semicolon terminates the directive [OK]
Hint: Every nginx directive ends with semicolon [OK]
Common Mistakes:
  • Forgetting quotes around format string
  • Using wrong variable names
  • Omitting semicolon
5. You want to log the client IP, request method, and response time in seconds with 3 decimal places. Which custom log_format definition achieves this?
hard
A. log_format timed '$remote_addr $request_method $request_time'; access_log /var/log/nginx/timed.log timed if=$request_time;
B. log_format timed '$remote_addr $request_method $request_time sec';
C. log_format timed '$remote_addr $request_method $request_time';
D. log_format timed '$remote_addr $request_method $request_time'; access_log /var/log/nginx/timed.log timed;

Solution

  1. Step 1: Define log_format with required variables

    Use $remote_addr for client IP, $request_method for method, and $request_time for response time with decimals.

  2. Step 2: Apply the custom format in access_log

    To activate the format, use access_log with the format name and log file path.

  3. Final Answer:

    log_format timed '$remote_addr $request_method $request_time'; access_log /var/log/nginx/timed.log timed; -> Option D

  4. Quick Check:

    Define format and apply with access_log [OK]
Hint: Define format then apply with access_log [OK]
Common Mistakes:
  • Not applying log_format with access_log
  • Adding unnecessary text inside format
  • Using invalid if condition in access_log