nginx的日志分为log_format和access_log两个控制参数
log_format 用来定义记录日志的格式(可以定义多种日志格式,取不同的名字)。
access_log 用来指定日志文件的路径及使用何种日志格式记录日志。
语法格式
Syntax: access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]]; access_log off; Default: access_log logs/access.log combined; Context: http, server, location, if in location, limit_except
案例配置
log_format compression '$remote_addr - $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" "$gzip_ratio"'; access_log /spool/logs/nginx-access.log compression buffer=32k;
测试案例
nginx.conf的配置文件
user www; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
重新加载配置文件后,访问nginx,nginx日志的内容
[root@node1 conf]# cat /usr/local/nginx/logs/access.log 10.0.0.1 - - [07/Sep/2020:21:21:32 +0800] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36" 10.0.0.1 - - [07/Sep/2020:21:21:32 +0800] "GET /favicon.ico HTTP/1.1" 404 555 "http://10.0.0.101/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36" 10.0.0.101 - - [08/Sep/2020:19:23:58 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" 10.0.0.101 - - [08/Sep/2020:19:24:03 +0800] "GET /bbs HTTP/1.1" 404 153 "-" "curl/7.29.0" 10.0.0.101 - - [08/Sep/2020:19:24:08 +0800] "GET /bbs HTTP/1.1" 404 153 "-" "curl/7.29.0" 10.0.0.101 - - [08/Sep/2020:19:24:16 +0800] "GET /bbs HTTP/1.1" 301 169 "-" "curl/7.29.0" 10.0.0.101 - - [08/Sep/2020:19:24:24 +0800] "GET /bbs HTTP/1.1" 301 169 "-" "curl/7.29.0" 10.0.0.101 - - [08/Sep/2020:19:24:24 +0800] "GET /bbs/ HTTP/1.1" 200 5 "-" "curl/7.29.0" 10.0.0.102 - - [09/Sep/2020:16:48:33 +0800] "GET / HTTP/1.1" 200 16 "-" "curl/7.29.0" 10.0.0.102 - - [09/Sep/2020:16:50:30 +0800] "GET / HTTP/1.1" 200 16 "-" "curl/7.29.0" 10.0.0.103 - - [09/Sep/2020:16:52:45 +0800] "GET / HTTP/1.1" 200 16 "-" "curl/7.29.0" 10.0.0.103 - - [09/Sep/2020:16:54:27 +0800] "GET / HTTP/1.1" 403 153 "-" "curl/7.29.0"
nginx 的默认访问日志记录内容相对比较单一,默认的格式也不方便后期做日志统计分析,生产环境中通常将nginx日志转换为json日志,然后配合使用ELK做日志收集-统计-分析
log_format access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' '"http_host":"$host",' '"uri":"$uri",' '"domain":"$host",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' '"http_user_agent":"$http_user_agent",' '"status":"$status"}'; access_log /apps/nginx/logs/access_json.log access_json;
json格式的访问日志示例:
{"@timestamp":"2019-02- 22T08:55:32+08:00","host":"192.168.7.102","clientip":"192.168.0.1","size":162,"resp onsetime":0.000,"upstreamtime":"-","upstreamhost":"- ","http_host":"www.magedu.net","uri":"/favicon.ico","domain":"www.magedu.net","xff" :"-","referer":"-","tcp_xff":"","http_user_agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0","status":"404"}
json格式的日志访问统计
#cat nginx_json.py #!/usr/bin/env python #coding:utf-8 status_200= [] status_404= [] with open("access_json.log") as f: for line in f.readlines(): line = eval(line) if line.get("status") == "200": status_200.append(line.get) elif line.get("status") == "404": status_404.append(line.get) else: print("状态码 ERROR") f.close() print "状态码200的有--:",len(status_200) print "状态码404的有--:",len(status_404) # python nginx_json.py 状态码200的有--: 1910 状态码404的有--: 13
nginx日志缓存
Syntax: open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time]; open_log_file_cache off; Default: open_log_file_cache off; Context: http, server, location
定义一个缓存,用于存储名称中包含变量的常用日志的文件描述符
max:缓存的最大文件描述符数量
min_uses:在inactive指定的时长内访问大于等于此值方可被当作活动项
inactive:非活动时长
valid:验证缓存中各缓存项是否为活动项的时间间隔
关于favicon.ico
favicon.ico 文件是浏览器收藏网址时显示的图标,当使用浏览器访问页面时,浏览器会自己主动发起请求获取页面的favicon.ico文件,但是当浏览器请求的favicon.ico文件不存在时,服务器会记录404日志,而且浏览器也会显示404报错 解决方案: 服务器不记录访问日志: location = /favicon.ico { log_not_found off; #文件没发现事件不记录error_log access_log off; #不记录access_log } 将图标保存到指定目录访问: #location ~ ^/favicon.ico$ { location = /favicon.ico { root /data/nginx/html/pc/images; }