nginx的Web日志

kokogood 2010-11-16

展开全文

You can create your own custom formats for nginx web logs, to record more information or to make them easier to read.您可以创建自己的网络日志nginx的，自定义格式来记录更多的信息，或者使它们更容易阅读。 Here's how.这里的如何。

Changing the log format更改日志格式

If you know how to read web logs then you may have an idea of how you would want to write them differently — maybe add a little here, trim a little out there, switch the order around a bit.如果你知道如何阅读网络日志 ，你可能有不同的想法你将如何想把它们写-也许在这里加一点，那里一点修剪，切换了一下周围秩序。 Luckily, you can do that with the access logs through a couple built-in commands and a handful of log variables.幸运的是，你可以做到这一点的访问日志，通过一个内置的情侣在命令和变量的日志少数。

log_format log_format

Nginx's "log_format" directive is what lets you define your own access log setup. Nginx的“log_format”指令是什么让你定义自己的访问日志设置。 Let's look at how that directive would be used to define the combined log format (CLF):让我们来看看如何将使用该指令来定义组合日志格式（CLF）的：

log_format combined '$remote_addr - $remote_user [$time_local]  ' log_format结合'$的REMOTE_ADDR - $ REMOTE_USER的[$ time_local]'
'"$request" $status $body_bytes_sent ' '“$要求”$状态$ body_bytes_sent'
'"$http_referer" "$http_user_agent"'; '“$ http_referer”“$ http_user_agent”';

The first argument gives a nickname to the log format you're creating.第一个参数给出了一个你的日志格式创建的昵称。 In this case it's "combined", a definition for the default combined log format.在这种情况下，它的“组合拳”，为组合日志格式的默认定义。

The second argument, in single quotes (and broken up across a few lines for readability), is the string that defines the log format itself.第二个参数，在单引号（为便于阅读和破碎的跨越几行了），是字符串，它定义日志格式本身。

The format string contains a bunch of placeholders that describe the data to be included in the log.格式字符串包含一个占位符，描述的数据将在日志中包含一堆。 That first one, for example, is "$remote_addr" and represents the IP address of the visitor (the identifier for their host).这第一个，例如，“$的REMOTE_ADDR”，代表了游客（为他们的主机标识符）的IP地址。 A bit further on, "$time_local" represents the time of the request.远一些的，“$ time_local”表示请求的时间。

Components of the CLF元件的全立

Let's look at that CLF format string side-by-side with an access log entry in the format:让我们来看看这振江格式字符串并排与格式中的一个访问日志条目的一面：

$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" 123.65.150.10 - - [23/Aug/2010:03:50:59 +0000] "POST /wordpress3/wp-admin/admin-ajax.php HTTP/1.1" 200 2 "http://www./wordpress3/wp-admin/post-new.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.25 Safari/534.3" $的REMOTE_ADDR - $ REMOTE_USER的[$ time_local]“$要求”$状态$ body_bytes_sent“$ http_referer”“$ http_user_agent”123.65.150.10 - - [23/Aug/2010：3点50分59秒0000]“邮政/ wordpress3 / wp-admin/admin-ajax.php HTTP/1.1的“200 2”http://www./wordpress3/wp-admin/post-new.php“”Mozilla/5.0（Macintosh的; ü，英特尔的Mac OS X 10_6_4;恩美）AppleWebKit/534.3（KHTML的，像壁虎）Chrome/6.0.472.25 Safari/534.3“

Okay, they don't look too pretty together, but there is a correlation between each element in the format string and the components of the log entry below it.好了，他们不看太漂亮了一起，但彼此之间有一个格式字符串中的元素和它下面的日志条目的相关组件。 Breaking down what the stuff in the format string means:打破什么东西格式字符串中的意思是：

$remote_addr        The remote host $的REMOTE_ADDR远程主机
$remote_user        The authenticated user (if any) $ REMOTE_USER的身份验证的用户（如果有的话）
$time_local         The time of the access $ time_local时间的访问
$request            The first line of the request $请求的请求的第一行
$status             The status of the request $地位的请求的状态
$body_bytes_sent    The size of the server's response, in bytes $ body_bytes_sent的服务器的响应的大小，以字节为单位
$http_referer       The referrer URL, taken from the request's headers $ http_referer的引用网址，从请求的标头采取的
$http_user_agent    The user agent, taken from the request's headers $ http_user_agent用户代理，从请求的标头采取的

So reading along, we see that in place of "$remote_addr" is "123.65.150.10" - the remote host.因此，阅读一直以来，我们看到，在地方“$的REMOTE_ADDR”是“123.65.150.10” - 远程主机。

After that, "-" becomes, well, "-" for the remote log host part of the format, since nginx doesn't support remote logging in a standard configuration.在此之后，“ - ”变成，那么，“ - ”为远程登录主机部分的格式，因为nginx的不支持远程登录的标准配置。 Because "-" is not a variable it doesn't get replaced in the log entry.因为“ - ”是不是它不会在日志条目替换变量。

The "$remote_user" format element turns into "-" for the remote user (since this connection didn't require authentication), "$time_local" is replaced with "23/Aug/2010:03:50:59 +0000" because it's the time the request was sent, and so on.在“$ REMOTE_USER的”格式元素变成“ - ”为远程用户（因为这方面并不需要身份验证），“$ time_local”改为“23/Aug/2010：三时50分59秒0000”，因为这是一次发送请求，等等。

I feel compelled to note that for "$http_referer", "referer" is misspelled.我不得不指出，对于“$ http_referer”，“引荐”是拼写错误。 That's the spelling of the header name in the HTTP standards, however, so it is "Referer" for all time when talking about web link referrers.这就是在HTTP标准头名的拼写，不过，故有“Referer的”所有关于网页链接的时候引荐说话。 A bit of lexicographical trivia for you there.一个对你有位辞书琐事。 Enjoy.享受。

Other format components其他格式的组件

Apart from what we saw in our breakdown of the combined log format, there are other components you can include in a log_format entry.除了我们在我们的组合日志格式破裂所看到的，还有其他的组件，您可以包含在log_format条目。 Some commonly-used components are:一些常用的组件包括：

$cookie_COOKIE $ cookie_COOKIE

The contents of the cookie named "COOKIE" for the request.名为“曲奇”请求的Cookie的内容。

$http_HEADER $ http_HEADER

The contents of the HTTP header named "HEADER" for the request.名为“头”请求的HTTP头的内容。 The name of the header should be converted to lower-case and any dashes replaced with underscores, as in "$http_user_agent".标头的名称应该被转换为小写，任何破折号用下划线代替，如“$ http_user_agent”。

$server_name $服务器名

The name of the server that handled the request.该服务器处理请求的名称。 If you have multiple virtual hosts logging to the same access log, recording the server name (which should be set for each host) will help you see which connection was for which site.如果您有多个虚拟主机服务器的名称记录（应为每个主机设定）会帮助你看到哪些连接，用于记录到的地点在相同的访问日志。

$connection $连接

The number of connections that have been handled since nginx was last started.连接的数目已自上次启动nginx的处理。 Note that this is a cumulative total of connections, making no distinction between individual users or IP addresses.请注意，这是一个累计的连接，使用户之间没有个人或IP地址的区别。 For most people this value might be interesting to see but otherwise wouldn't be terribly useful to track.对于大多数人来说，这值可能是有趣的看到，否则就不会非常有用的轨道。

For a full list of format variables see the nginx core documentation and the nginx log format documentation .对于充满变数的格式列表看到nginx的核心文件和nginx的日志格式的文件 。

Make your own log format制作您自己的日志格式

While the log_format entry is useful for interpreting what appears in the logs, it can also be used to create your own formats.虽然log_format条目解释什么是有用的出现在日志中，它也可以用来创建自己的格式。

If you want your log to add the length of time it takes to serve requests to its access entries, you might make a log_format directive that looks like:如果你希望你的日志，添加所需的时间，为它的访问请求条目，你可以打一个log_format指令，如下所示：

log_format timed_combined '$remote_addr - $remote_user [$time_local]  ' log_format timed_combined'$的REMOTE_ADDR - $ REMOTE_USER的[$ time_local]'
'"$request" $status $body_bytes_sent ' '“$要求”$状态$ body_bytes_sent'
'"$http_referer" "$http_user_agent" $request_time'; '“$ http_referer”“$ http_user_agent”$ request_time';

All we have to do is add a "$request_time" to the end of the format string, then give it a new nickname — for our example, "timed_combined".我们所要做的就是添加到字符串末尾的格式“$ request_time”，然后给它一个新绰号 - 对于我们的例子中，“timed_combined”。

Using the new log format使用新的日志格式

Now, if you want to tell your virtual host to make an access log using the new format, you can include in the virtual host definition:现在，如果你想告诉你的虚拟主机进行访问日志使用新的格式，您可以包括在虚拟主机定义：

access_log /var/log/nginx/timed.log timed_combined; access_log /无功/日志/ nginx的/ timed.log timed_combined;

That second argument to access_log is where you specify the log format you defined.这第二个参数access_log是您指定您定义的日志格式。 The default format (used if no log format name is included in the directive) is "combined", for the combined log format (CLF).默认的格式（如果没有日志格式使用的名称是在指令中）是“合并”，合并后的日志格式（CLF）的。

To recap: A log_format directive takes a format you give it and assigns it a nickname you choose.要总结一下：一个log_format指令采用的格式，你把它和它分配一个昵称您选择。 Then you use access_log to tell nginx to write the access log using the new format by telling it where to write the log and the nickname of your log format.然后，使用access_log告诉nginx的写，告诉它在哪里写日志和日志访问日志的格式昵称使用新的格式。

Adding more custom logs添加更多的自定义日志

You can have more than one access_log directive for a virtual host.你可以有一个以上的虚拟主机access_log指令。 If you already have an access_log using the CLF format you don't have to remove it when adding your "timed_combined" log.如果您已经有一个access_log使用振江格式不必删除它时加入你的“timed_combined”的日志。 This can be useful if you want to maintain one log in CLF that a web log analyzer program can read and another log file with just the information you care about when you're skimming the entries.这可能是有用的，如果你想保持一个日志在全立一个Web日志分析程序可以读，另一只用信息日志文件，你关心的就是当你掠过的条目。

So if you wanted another log with just the stuff you wanted in it, you might take that "timed_combined" format and remove the things you feel are distractions.因此，如果你想要的东西，只要你在它想要另一个日志，你可能采取的“timed_combined”格式和删除的东西，你觉得是干扰。 If you decided to remove the remote log entry, the user entry, and the user agent entry, you could create that format with:如果你决定删除远程日志条目，用户条目，用户代理项目，您可以创建与格式：

log_format slim '$remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" $request_time'; log_format苗条'$的REMOTE_ADDR [$ time_local]“$要求”$状态$ body_bytes_sent“$ http_referer”$ request_time';

And then create a new access_log to use the "slim" format:然后创建一个新的access_log使用“苗条”的格式：

access_log /var/log/nginx/slim.log slim access_log /无功/日志/ nginx的/ slim.log苗条

Precedence优先权

Note that any logs defined in a virtual host will override log directives in the main nginx config file.请注意，任何记录在虚拟主机定义将覆盖在主配置文件nginx的日志指令。 So if the main config file has the access_log entry (remembering that "combined" is the default if no format is specified):因此，如果主配置文件具有access_log条目（记住，“合并”是默认的，如果没有指定格式）：

access_log /var/log/nginx/access.log access_log /无功/日志/ nginx的/ access.log

And the virtual host has another access_log entry:和虚拟主机有一个access_log项：

access_log /var/log/nginx/.log combined access_log /无功/日志/ nginx的/ .log结合

Then the virtual host will log its accesses to the ".log" file, but not to the "access.log" file.然后，虚拟主机将记录其访问的“.log”文件，但不能对“access.log”文件。 If you wanted accesses to be logged to both files, you would need to include a line for the main access.log file in the virtual host definition, as in:如果你想访问记录到这两个文件，你需要包括一个虚拟主机中的定义主要access.log文件行中，如：

access_log /var/log/nginx/access.log access_log /无功/日志/ nginx的/ access.log
access_log /var/log/nginx/.log combined access_log /无功/日志/ nginx的/ .log结合

Rotating new logs旋转新日志

When you create any new logs, you should remember to configure logrotate to rotate them regularly.当您创建任何新的日志，你应该记住配置logrotate的旋转，并定期。 Otherwise they may grow and grow until they eat all your disk space right up.否则，他们会不断地成长，直到他们吃的所有磁盘空间的权利了。 Any logs in the default nginx log directory should get rotated under nginx's default rules, but if you put a new log in another directory you may need to add a rule to logrotate.任何日志在默认的nginx日志目录下应该得到的nginx的默认规则旋转，但如果你把你在其他目录可能需要添加一条规则，logrotate的一个新的日志。

Summary综述

Log customization is a really handy web server feature.日志定制是一种非常方便的Web服务器功能。 You can tailor the access logs to make them more readable, or to fit a format required by a log analyzer program.您可以定制访问日志，使之更可读，或来适应日志分析器程序所需的格式。 Or you can do both, logging accesses to both a log for a program to analyze and to another log in a more human-readable format.或者你可以两者都做，日志记录程序访问这两个日志分析和更可读的格式到另一个日志。

All you need to do is define the log format, then tell the server where to use it.所有您需要做的就是定义的日志格式，然后告诉服务器在使用它