Nginx訪問日誌介紹
Nginx軟件會把每個用戶訪問網站的日誌信息記錄到指定的日誌文件裡,供網站提供者分析用戶的瀏覽行為等,此功能由ngx_http_log_module模塊負責。對應的官方地址為:http://nginx.org/en/docs/http/ngx_http_log_module.html。
訪問日誌參數
Nginx的訪問日誌主要由兩個參數控制。
Nginx日誌格式中默認的參數配置如下:
log_format main '$remote_addr - $remote_user[$time_local]"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
Nginx記錄日誌的默認參數配置如下:
access_log logs/access.log main;
訪問日誌配置說明
1.日誌格式的定義說明
先來看其語法:
定義語法: log_format name string ……;
其配置位置在http標籤內。
日誌格式說明如下:
log_format main '$remote_addr - $remote_user[$time_local]"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
其中,log_format為日誌格式關鍵參數,不能變。
main是為日誌格式指定的標籤,記錄日誌時通過這個main標籤選擇指定的格式。其後所接的所有內容都是可以記錄的日誌信息。注意,所有的日誌段以空格分隔,一行可以記錄多個,不同列的意義:
在沒有特殊要求的情況下,採用默認的配置即可,更多可以設置的記錄日誌信息的變量見:
http://nginx.org/en/docs/http/ngx_http_log_module.html
2.記錄日誌的access_log參數說明
下面是有關access_log參數的官方說明。
語法如下:
access_log path[format[buffer=size[flush=time]][if=condition]];
access_log path format gzip[=level][buffer=size][flush=time][if=condition];
access_log syslog:server=address[,parameter=value][format[if=condition]];
buffer=size為存放訪問日誌的緩衝區大小,flush=time為將緩衝區的日誌刷到磁盤的時間,gzip[=level]表示壓縮級別,[if=condition]表示其他條件。一般的場景中,這些參數都無須配置,極端優化時才可能會考慮這些參數。
access_log off中的off,表示不記錄訪問日誌。
默認配置:access_log logs/access.log combined;
放置位置在http、server、location、if in location、limit_except中。
訪問日誌配置實戰
編輯主配置文件 nginx.conf ,配置日誌格式如下:
[root@private conf]# sed -n '21, 23 s/#//gp' nginx.conf.default
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
[root@private conf]# vim nginx.conf
[root@private conf]# cat -n nginx.conf
1
2#user nobody;
3worker_processes 1;
4
5error_log logs/error.log error;
6error_log logs/error.log warn;
7error_log logs/error.log crit;
8
9#pid logs/nginx.pid;
10
11
12events {
13 worker_connections 1024;
14}
15
16
17http {
18 include mime.types;
19 default_type application/octet-stream;
20
21log_format main '$remote_addr - $remote_user [$time_local] "$request" '
22 '$status $body_bytes_sent "$http_referer" '
23 '"$http_user_agent" "$http_x_forwarded_for"';
24 sendfile on;
25
26 keepalive_timeout 65;
27
28 include extra/*.conf;
29
30 }
31
[root@private conf]#
然後在每個虛擬主機裡進行配置,使其商用上述格式記錄用戶訪問日誌。命令如下:
[root@private conf]# vim extra/blog.conf
[root@private conf]# cat -n extra/blog.conf
1 server {
2 listen 80;
3 server_name blog.haiyuan.org;
4
5 location / {
6 root html/blog;
7 index index.html index.htm;
8 }
9
10 error_page 404 /404.html;
11 location = /404.html {
12 root html/blog;
13 }
14
15 error_page 500 502 503 504 /50x.html;
16 location = /50x.html {
17 root html/blog;
18 }
19access_log logs/access_blog.log main;
20 }
如果不指定日誌格式就會用默認的combined格式記錄日誌。
接下來進行檢查語法,重新加載配置,命令如下:
[root@private conf]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@private conf]# /etc/init.d/nginx reload
reload nginx [OK]
[root@private conf]#
進行測試訪問,查看日誌結果:
[root@private conf]# curl -I blog.haiyuan.org
HTTP/1.1 200 OK
Server: nginx/1.12.0
Date: Sat, 21 Oct 2017 06:39:45 GMT
Content-Type: text/html
Content-Length: 9480
Last-Modified: Sat, 02 Sep 2017 07:31:30 GMT
Connection: keep-alive
ETag: "59aa5e52-2508"
Accept-Ranges: bytes
[root@private conf]# ls -l ../logs/access_blog.log
-rw-r--r-- 1 root root 904 Oct 21 14:39 ../logs/access_blog.log
[root@private conf]# tailf -5 ../logs/access_blog.log
127.0.0.1 - - [21/Oct/2017:14:38:56 +0800] "GET / HTTP/1.1" 200 9480 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-"
127.0.0.1 - - [21/Oct/2017:14:39:07 +0800] "GET / HTTP/1.1" 200 9480 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "-"
再分別使用谷歌和火狐瀏覽器進行測試訪問,分別查看日誌結果:
火狐瀏覽器訪問後:
[root@private conf]# tailf -5 ../logs/access_blog.log
119.90.20.254 - - [21/Oct/2017:14:44:32 +0800] "GET /images/templatemo_180_column_bg.jpg HTTP/1.1" 200 2140 "http://114.115.155.144/templatemo_style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:44:32 +0800] "GET /images/templatemo_bottom_panel_bg.jpg HTTP/1.1" 200 27926 "http://114.115.155.144/templatemo_style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:44:32 +0800] "GET /images/templatemo_top_bg.jpg HTTP/1.1" 200 57124 "http://114.115.155.144/templatemo_style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:44:33 +0800] "GET /favicon.ico HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:44:33 +0800] "GET /favicon.ico HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
谷歌瀏覽器訪問後:
[root@private conf]# tailf -5 ../logs/access_blog.log
119.90.20.254 - - [21/Oct/2017:14:44:32 +0800] "GET /images/templatemo_top_bg.jpg HTTP/1.1" 200 57124 "http://114.115.155.144/templatemo_style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:44:33 +0800] "GET /favicon.ico HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:44:33 +0800] "GET /favicon.ico HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
119.90.20.254 - - [21/Oct/2017:14:45:09 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-"
119.90.20.254 - - [21/Oct/2017:14:45:09 +0800] "GET /images/templatemo_main_bg.jpg HTTP/1.1" 404 19 "http://114.115.155.144/templatemo_style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36" "-"
我們可以將日誌格式和日誌內容做一個比對:
'$remote_addr - $remote_user[$time_local]"$request" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
真實的日誌內容如下:
119.90.20.254 - - [21/Oct/2017:14:44:32 +0800] "GET /images/templatemo_180_column_bg.jpg HTTP/1.1" 200 2140 "http://114.115.155.144/templatemo_style.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
對應說明如下:
$remote_addr對應的是真實日誌裡的119.90.20.254,即客戶端的IP。
$remote_user對應的是第二個中槓“-”,沒有遠程用戶,所以用“-”填充。
[$time_local]對應的是[21/Oct/2017:14:44:32 +0800]。
"$request"對應的是"GET /images/templatemo_180_column_bg.jpg HTTP/1.1"。
$status對應的是200狀態碼,200表示正常訪問。
$body_bytes_sent對應的是2140字節,即響應body的大小。
"$http_referer"對應的是"http://114.115.155.144/templatemo_style.css",若是直接打開域名瀏覽的時,referer就會沒有值,為"-"。
"$http_user_agent"對應的是"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0"。
"$http_x_forwarded_for"對應的是"-",因為Web服務沒有使用代理,因此此處為"-"。
閱讀更多 海淵haiyuan 的文章