Logging and Monitoring

Nginx logs are your primary window into what is happening on the server. Good log configuration makes debugging fast; bad log configuration makes it impossible.

---

What You Will Learn

• How to configure custom log_format directives (JSON, combined, extended)
• How to read and parse access.log and error.log from the CLI
• How to do real-time log analysis with tail, awk, and grep
• How to configure per-site log files
• How to monitor Nginx with stub_status and integrate with monitoring tools
• How to set up log rotation

---

Topics in This Module

• Log Formats — combined, custom JSON, extended timing formats
• Access Log Analysis — tail, awk, cut, sort one-liners for traffic analysis
• Error Log Analysis — Error levels, reading upstream errors, PHP-FPM errors via Nginx
• Per-Site Logging — Separate access_log and error_log per server block
• stub_status Module — Built-in /nginx_status endpoint for real-time metrics
• Log Rotation — logrotate config for Nginx, nginx -s reopen signal

---

Key Log Paths

/var/log/nginx/access.log    # All HTTP requests
/var/log/nginx/error.log     # Errors — check this first

Custom per-site logs are often placed in:

/var/log/nginx/example.com.access.log
/var/log/nginx/example.com.error.log

Best Practices

• Use a structured (JSON) log format if you plan to ship logs to Elasticsearch or Loki
• Always add $request_time and $upstream_response_time to your log format — essential for performance debugging
• Enable per-site access_log and error_log — avoids mixing traffic from all sites
• Use logrotate with postrotate signal nginx -s reopen to rotate without losing data
• Set error_log /var/log/nginx/error.log warn; in production to reduce noise

Success Checkpoint

By the end of this module you should be able to write a custom log format, analyze access logs with CLI tools, set per-site logs, and expose the stub_status endpoint safely.