formats-nginx | formats-ingress | formats-parsers
here’s a few offered standardized nginx log formats for access logs (error log do not have specific format)
log_format combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format mainssl '$ssl_protocol $ssl_cipher '
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"';
log_format notes '$remote_addr "$request" $status';
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
log_format sslparams '$ssl_protocol $ssl_cipher '
'$remote_addr "$http_user_agent"';
the ideal shit we would want is main + sslparams + compression
log_format mainssl '$ssl_protocol $ssl_cipher '
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"';
that’s even better for pushing logs to a modern log server with fluent-bit’s json parser – example taken from various sources (see resources below) – requires nginx v1.11.8+
see nginx.conf
https://nginx.com/blog/sampling-requests-with-nginx-conditional-logging/
https://serverfault.com/questions/916653/what-is-the-default-log-format-on-nginx/
https://tanmay-bhat.hashnode.dev/parsing-apache-and-nginx-logs-in-fluent-bit
https://docs.fluentbit.io/manual/concepts/data-pipeline/input
https://docs.fluentbit.io/manual/pipeline/inputs/
https://vikborges.com/articles/how-to-make-nginx-access-logs-more-readable-with-json/
FW https://medium.com/bolt-labs/using-json-for-nginx-log-format-793743064fc4
https://stackoverflow.com/questions/25049667/how-to-generate-a-json-log-from-nginx