How to analyze Nginx logs in Linux system

The Nginx log in the Linux system can view the system running records and error descriptions. The analysis of the Nginx logs can be used to understand the status of the system running. So how to analyze the Linux system Nginx log?

Nginx log configuration has two places: access_log and log_format.

Default format:

access_log /data/logs/nginx-access.log;

log_format old ‘$remote_addr [$time_local] $status $request_time $body_bytes_sent ’

‘“$request” “$http_referer” “$http_user_agent”’;

I believe most people who have used Nginx are configured for the default Nginx log format. Familiar, familiar with the contents of the log. However, the default configuration and format are readable, but difficult to calculate.

Nginx log brush related policy can be configured:

For example, set buffer, buffer full 32k to brush; if the buffer is not full 5s clock forced brush configuration is as follows:

access_log /data/logs/nginx-access.log buffer=32k flush=5s;

This determines whether the log is seen in real time and the impact of the log on disk IO.

A lot of variables that Nginx logs can log do not appear in the default configuration:

For example:

Request data size: $request_length

Return data Size: $bytes_sent

Request Time: $request_time

Connection Serial Number: $connection

Current Connection Requests: $connection_requests

Nginx The default format is uncalculated and you need to convert it to a computable format, such as splitting each field with the control character ^A (crox+v ctrl+a on Mac).

The format of log_format can be changed like this:

log_format new ‘$remote_addr^A$http_x_forwarded_for^A$host^A$time_local^A$status^A’

‘$request_time^A$request_length^A$bytes_sent^A$http_referer^A$request^A$http_user_agent’;

This is followed by a common Linux command line tool:

Find the most frequently visited URLs and times:

cat access.log