Tips / Nginx

How to Customize Nginx Web Logs

Web logs are one of the important keys to understanding how HTTP requests work in real life. They’re also a great tool to analyze and debug errors in your online applications.

Nginx offers great login features, and today you will learn how to configure and customize Nginx logs to make them easy to read and understand.

Customizing Nginx Logs with log_format Directive

log_format is the Nginx directive that will allow you to create your own access log configuration using CLF. CLF means “combined log format,” and allows you to combine different types of information that are coming from the HTTP request in one single line.


log_format combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

Understanding Your CLF Configuration

Consider the following:

log_format is the nginx directive.
combined is the name that you give to this custom log format.
$remote_addr is the IP address of the visitor
$remote_user is the authenticated user (if any)
$time_local is time of the request
$request is the first line of the request
$status is the HTTP status of the request
$body_bytes_sent is the size (in bytes) of server's response
$http_referer is the referrer URL
$http_user_agent detects the user agent used by the client

A real life request logged by this configuration would look like this:

201.217.xx.xx - - [01/Oct/2015:08:46:48 -0400] "HEAD /wp-login.php HTTP/1.1" 200 0 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36"

What is This Log Saying?

201.217.xx.xx is the IP address from the visitor.
[01/Oct/2015:08:46:48 -0400] is the time of the request.
HEAD /wp-login.php HTTP/1.1 is the first line of the requested URL.
200 is the HTTP status code, which is OK in this case.… is the referrer URL
Mozilla/5.0 (X11; Linux x86_64… is the User Agent, from which the request came.

Setting Up the CLF on Nginx

Make sure to place your CLF at the beginning of the http {} block:

http {
log_format myclf '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';

In this case, “myclf” was used in the log configuration; this will be useful in the next step.

Finally, inside the server {} block, you can define the access log as usual. At the end, add the name of the CLF you created before:

server {
access_log /spool/logs/nginx-access.log myclf;

Restart Nginx to apply the changes:

service nginx restart


Setting up your own custom web logs is pretty easy. Just make sure to define the CLF in the HTTP block {}, and then call it from the access_log directive inside your server {} block configuration.

You can try different combinations besides the one described here; view Nginx Official docs for CLF.

Popular search terms:

  • nginx custom login screen
  • nginx log configuration visitor
  • nginx log_format
  • nginx modify logs

Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking