nginx日志格式
ngx_http_log_module
ngx_http_log_module模块
指定日志格式记录请求
log_format name string ...;
string可以使用nginx核心模块及其它模块内嵌的变量
Default: log_format combined "...";
Context: http
access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]];
access_log off; #禁用访问日志
Default: access_log logs/access.log combined;
Context: http, server, location, if in location, limit_except
访问日志文件路径,格式及相关的缓冲的配置
buffer=size
flush=time
log日志在服务运行期间可以备份或清零,最好不要直接删除,否则,会应为日志文件不存在后续日志不会继续写,需要重启服务器,才能再生成日志文件
①#cat /dev/null >logfile
②#>logfile #有的shell不支持
open_log_file_cache max=N [inactive=time] [min_uses=N] [valid=time];
open_log_file_cache off;
Default: open_log_file_cache off;
Context: http, server, location
缓存各日志文件相关的元数据信息
max:缓存的最大文件描述符数量
min_uses:在inactive指定的时长内访问大于等于此值方可被当作活动项
inactive:非活动时长
valid:验证缓存中各缓存项是否为活动项的时间间隔
1、虚拟主机生产自己独立的日志文件
配置:
[root@centos7.6 conf.d]# vi /apps/nginx4/conf/conf.d/test.conf server { server_name www.magedu.org; root /data/site14/; access_log /apps/nginx4/logs/magedu.org.access.log main; location /echo { #set $opt "hello,"; echo hello; echo world; echo 'host:' $host; echo 'remote_addr:' $remote_addr echo 'args:' $args; echo 'document_root' $document_root; echo 'http_user_agent' $http_user_agent; echo ; default_type text/html; } }
测试:
[root@centos7.6 conf.d]# cp /var/log/messages-20210307 /data/site14/messages [root@centos7.6 conf.d]# chmod 644 /messages #默认600权限,这样http://www.magedu.org/messages报错403 [root@centos7.6 conf.d]# tail -f magedu.org.access.log 10.0.0.1 - - [07/Mar/2021:09:12:56 +0800] "GET /messages HTTP/1.1" 200 632260 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2、自定义json日志格式
配置:
[root@centos7.6 conf.d]# vi /apps/nginx4/conf/nginx.conf #log_format只能http语句块设置
log_format access_json '{"@timestamp":"$time_iso8601",' #和apache定义log_format语法有点区别,apapche的access_json写在格式后边
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
测试:
[root@centos7.6 conf.d]# tail -f magedu.org.access.log {"@timestamp":"2021-03-07T09:53:40+08:00","host":"10.0.0.126","clientip":"10.0.0.125","size":632260,"responsetime":0.039, "upstreamtime":"-","upstreamhost":"-","http_host":"www.magedu.org","uri":"/messages","domain":"www.magedu.org","xff":"-", "referer":"-","tcp_xff":"","http_user_agent":"ApacheBench/2.3","status":"200"}
附件:
1、python处理json格式日志脚本:
#!/usr/bin/env python #coding:utf-8 status_200= [] status_404= [] with open("access_json.log") as f: for line in f.readlines(): line = eval(line) if line.get("status") == "200": status_200.append(line.get) elif line.get("status") == "404": status_404.append(line.get) else: print("状态码 ERROR") f.close() print "状态码200的有--:",len(status_200) print "状态码404的有--:",len(status_404)
测试结果示例: 状态码200的有--: 100 状态码404的有--: 0