[ URL      ] : https://notes.fr/2020/02/28/Customiser-logs-NGINX/
[ CATEGORY ] : /Serveur/Web/NGINX
[ TAGS     ] : ,
[ AUTHOR   ] : 4L1N3

Customiser les logs de NGINX

Si vos logs NGINX ne sont pas assez détaillés il est possible de les customiser en ajoutant des variables. Il est également possible de faire une mise en page pour faciliter la lecture. Notez que sur un grand volume de logs, ajouter des informations ou une mise en page peut, sur le long terme, les faire occuper un espace disque plus conséquent.

Logs par défaut

Par défaut les logs sont écrit au format prédéfinis combined, c’est à dire qu’ils affichent le résultat des variables $remote_addr, $remote_user, $time_local, $request, $status, $body_bytes_sent, $http_referer et $http_user_agent. La configuration par défaut est la suivante : 

log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

Se sont les informations de base que vous trouverez dans les logs NGINX.

Logs customisés

Pour créer un format de log il suffit de le définir dans le fichier /etc/nginx/nginx.conf dans le bloc http{} en utilisant la directive log_format en lui fournissant un nom (NAME).

Voici la syntaxe : 

Syntax: 	log_format NAME [escape=default|json|none] string ...;
Default: 	log_format combined "...";
Context: 	http

Il faudra ensuite préciser dans le vhost ce nouveau format de log dans la section server {} :

server {
    listen 443 ssl http2;
    ...
    access_log /var/log/nginx/mondomain.ovh.access.log NAME;
    error_log /var/log/nginx/mondomain.ovh.error.log warn;
    ...
}

Exemples

Logs par défaut :

log_format combined '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

Logs indiquants le ratio de compression (il s’agit simplement du combined format avec la variable $gzip_ratio en plus) :

log_format compression '$remote_addr - $remote_user [$time_local] '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent" "$gzip_ratio"';

Logs indiquants le chiffrement :

log_format sslparams '$ssl_protocol $ssl_cipher '
                     '$remote_addr "$http_user_agent"';

Logs assez fournis avec une mise en page rudimentaire :

log_format customiZeMe  '------------------------------------------------\n'
            ' body_bytes_sent            : $body_bytes_sent            \n'
            ' bytes_sent                 : $bytes_sent                 \n'
            ' connection                 : $connection                 \n'
            ' connection_requests        : $connection_requests        \n'
            ' content_length             : $content_length             \n'
            ' content_type               : $content_type               \n'
            ' cookie_name                : $cookie_name                \n'
            ' document_uri               : $document_uri               \n'
            ' msec                       : $msec                       \n'
            ' nginx_version              : $nginx_version              \n'
            ' pid                        : $pid                        \n'
            ' remote_addr                : $remote_addr                \n'
            ' remote_port                : $remote_port                \n'
            ' remote_user                : $remote_user                \n'
            ' request                    : $request                    \n'
            ' request_body               : $request_body               \n'
            ' request_body_file          : $request_body_file          \n'
            ' request_filename           : $request_filename           \n'
            ' request_length             : $request_length             \n'
            ' request_method             : $request_method             \n'
            ' request_time               : $request_time               \n'
            ' request_uri                : $request_uri                \n'
            ' uri                        : $uri                        \n'
            ' sent_http_name             : $sent_http_name             \n'
            ' sent_http_content_range    : $sent_http_content_range    \n'
            ' server_port                : $server_port                \n'
            ' status                     : $status                     \n'
            ' ssl_protocol               : $ssl_protocol               \n'
            ' ssl_cipher                 : $ssl_cipher                 \n'
            ' time_local                 : $time_local                 \n'
            ;

Appliquer les logs customisés à l’ensemble des vhost

Pour choisir le type de logs il est possible de les définir dans chaque vhost du dossier /etc/nginx/site-available/ dans le bloc server{ } :

server {
    listen 443 ssl http2;
    ...
    access_log /var/log/nginx/mondomain.ovh.access.log NAME;
    error_log /var/log/nginx/mondomain.ovh.error.log warn;
    ...
}

Ou de directement les définir dans le bloc http{ } du fichier /etc/nginx/nginx.conf en utilisant la variable $host.

http{

    access_log /var/log/nginx/$host.access.log NAME;
    error_log /var/log/nginx/$host.error.log;

}

Variables possibles

La liste complète se trouve ici https://nginx.org/en/docs/varindex.html :

  $arg_name                       argument name in the request line 
  $args                           arguments in the request line 
  $binary_remote_addr             client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses 
  $body_bytes_sent                number of bytes sent to a client,
  $bytes_sent                     the number of bytes sent to a client 
  $connection                     connection serial number 
  $connection connection          serial number
  $connection_requests            current number of requests made through a connection
  $content_length                 “Content-Length” request header field 
  $content_type                   “Content-Type” request header field 
  $cookie_name                    the name cookie 
  $document_root                  root or alias directive’s value for the current request 
  $document_uri                   same as $uri 
  $host                           host name from the request line, or host from the “Host” request header field, or the server name matching a request 
  $hostname                       host name 
  $http_name                      arbitrary request header field;
  $https                          “on” if connection operates in SSL mode, or an empty string otherwise 
  $is_args                        “?” if a request line has arguments, or an empty string otherwise 
  $limit_rate                     setting this variable enables response rate limiting; see limit_rate 
  $msec                           time in seconds with a milliseconds resolution at the time of the log write 
  $nginx_version                  nginx version 
  $pid                            PID of the worker process 
  $pipe                           “p” if request was pipelined, “.” otherwise
  $proxy_protocol_addr            client address from the PROXY protocol header   /_!_\ var unknow pour NGINX
  $proxy_protocol_port            client port from the PROXY protocol header      /_!_\ var unknow pour NGINX
  $proxy_protocol_server_addr     server address from the PROXY protocol header   /_!_\ var unknow pour NGINX
  $proxy_protocol_server_port     server port from the PROXY protocol header      /_!_\ var unknow pour NGINX
  $query_string                   same as $args 
  $realpath_root                  absolute pathname with all symbolic links resolved to real paths 
  $remote_addr                    client address 
  $remote_port                    client port 
  $remote_user                    user name supplied with the Basic authentication 
  $request full                   original request line 
  $request_body                   request body
  $request_body_file              name of a temporary file with the request body
  $request_completion             “OK” if a request has completed, or an empty string otherwise 
  $request_filename               file path for the current request, based on the root or alias directives, and the request URI 
  $request_id                     unique request identifier generated from 16 random bytes, in hexadecimal /_!_\ var unknow pour NGINX
  $request_length                 request length (including request line, header, and request body)
  $request_method                 request method, usually “GET” or “POST” 
  $request_time                   request processing time in seconds with a milliseconds resolution
  $request_uri                    full original request URI (with arguments) 
  $scheme                         request scheme, “http” or “https” 
  $sent_http_name                 arbitrary response header field
  $sent_http_content_range        ?
  $sent_trailer_name              arbitrary field sent at the end of the response     /_!_\ var unknow pour NGINX
  $server_addr                    an address of the server which accepted a request
  $server_name                    name of the server which accepted a request 
  $server_port                    port of the server which accepted a request 
  $server_protocol                request protocol, usually “HTTP/1.0”, “HTTP/1.1”, or “HTTP/2.0” 
  $status                         response status 
  $ssl_protocol                   Protocole de chiffrement utilité
  $ssl_cipher                     Chiffrement utilisé
  $tcpinfo_rtt                    information about the client TCP connection; available on systems that support the TCP_INFO socket option
  $tcpinfo_rttvar                 information about the client TCP connection; available on systems that support the TCP_INFO socket option
  $tcpinfo_snd_cwnd               information about the client TCP connection; available on systems that support the TCP_INFO socket option
  $tcpinfo_rcv_space              information about the client TCP connection; available on systems that support the TCP_INFO socket option 
  $time_iso8601                   local time in the ISO 8601 standard format
  $time_local                     local time in the Common Log Format
  $upstream_connect_time          time spent on establishing a connection with an upstream server
  $upstream_header_time           time between establishing a connection and receiving the first byte of the response header from the upstream server
  $upstream_response_time         time between establishing a connection and receiving the last byte of the response body from the upstream server
  $uri                            current URI in request, normalized

Ces variables sont notamments utilisées dans les logiciels de monitoring.

Documentation

https://docs.nginx.com/nginx/admin-guide/monitoring/logging/
https://nginx.org/en/docs/http/ngx_http_core_module.html#internal
https://nginx.org/en/docs/varindex.html

> Partager <