Logging POST data in nginx and analyzing the logs with GoAccess

By default, nginx does not record POST data in its logs.

In the http section of the nginx configuration file:

log_format <format name> [escape=json] <format string>;

For example, set the log format name to main and add escape=json so that Chinese characters display correctly (note: escape=json requires nginx 1.11.8 or later). This format records the request's cookie and POST data:

log_format main escape=json '$remote_addr $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$http_cookie" "$request_body"';

Where:

$time_local: formatted time
$request: the requested address
$status: response code
$body_bytes_sent: number of bytes of the page transferred
$http_referer: source (referring) address
$http_user_agent: client UA
$document_root: absolute path of the current document root, e.g. /var/www/html
$fastcgi_script_name: absolute URL path of the current request, e.g. /info.php
$request_filename: absolute physical path of the file for the current request, based on the root or alias directive, e.g. /var/www/html/info.php
$http_cookie: the cookie information. This is also very important: if you put the user's identity in a cookie, it makes debugging more convenient

 

Then, in the server section of each virtual host:

access_log <log path> <format name>;

For example, to save the log to /data/logs/web.log using the main format defined above. If you want another format, add more log_format entries in the http section and give each a different format name.

access_log  /data/logs/web.log main;
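With $http_cookie and $request_body in the format, session identifiers and submitted passwords are written to web.log in clear text. The following is an added example, not part of the original post: it parses a line in the main format above, undoes the escape=json escaping, and redacts cookie values and sensitive body fields before the record is passed on to analysis. The field names in SENSITIVE and the sample line are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode

SENSITIVE = {"password", "passwd", "token", "csrf_token"}  # assumed names

def q(name):  # quoted field; escape=json backslash-escapes embedded quotes
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

# Mirrors the page's "main" log_format, field by field.
LINE_RE = re.compile(
    r'(?P<remote_addr>\S+) (?P<remote_user>\S*) \[(?P<time_local>[^\]]+)\] '
    + q("request") + r' (?P<status>\d{3}) (?P<bytes_sent>\d+) '
    + " ".join(q(n) for n in ("http_referer", "http_user_agent",
                              "http_cookie", "request_body")) + "$")

def unescape(raw):
    try:  # the field is a JSON string body without its surrounding quotes
        return json.loads('"' + raw + '"')
    except ValueError:
        return raw

def redact_cookie(cookie):  # keep cookie names, drop every value
    return "; ".join(p.split("=", 1)[0].strip() + "=[REDACTED]"
                     for p in cookie.split(";") if p.strip())

def redact_body(body):
    if body.lstrip().startswith(("{", "[")):  # JSON body: drop it whole
        return "[REDACTED]"
    if "=" not in body:  # empty or opaque body: nothing to redact
        return body
    pairs = parse_qsl(body, keep_blank_values=True)  # form-encoded body
    return urlencode([(k, "[REDACTED]" if k.lower() in SENSITIVE else v)
                      for k, v in pairs], safe="[]")

def parse_line(line):
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # line does not follow the "main" format
    rec = {k: unescape(v) for k, v in m.groupdict().items()}
    rec["http_cookie"] = redact_cookie(rec["http_cookie"])
    rec["request_body"] = redact_body(rec["request_body"])
    return rec

# Constructed sample line (remote_user left empty, hence the double space).
SAMPLE = (r'203.0.113.7  [10/Dec/2019:10:00:00 +0800] "POST /login HTTP/1.1" '
          r'200 512 "https://example.com/" "Mozilla/5.0" "sid=abc123; lang=zh" '
          r'"user=alice&password=hunter2&note=say \"hi\""')
print(parse_line(SAMPLE))
```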

 

GoAccess log analysis

Installation

yum install glib2 glib2-devel GeoIP-devel ncurses-devel zlib zlib-devel
yum install gcc -y
yum -y install GeoIP-update
yum install goaccess

Look up the log format in your nginx configuration, then use nginx2goaccess.sh to convert the nginx log format into a format configuration that GoAccess recognizes:

https://raw.githubusercontent.com/stockrt/nginx2goaccess/master/nginx2goaccess.sh

sh nginx2goaccess.sh '<log_format>'  # <log_format> is the log format configured in your nginx.conf

For example:

sh nginx2goaccess.sh '$remote_addr $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$http_cookie" "$request_body"'

The result of the conversion:

- Generated goaccess config:
time-format %T
date-format %d/%b/%Y
log_format %h %^ [%d:%t %^] "%r" %s %b "%R" "%u" "%^" "%r_body"

Save the result to the file go.conf.

Then you can analyze the nginx log:

./goaccess -f nginx_access.log -p go.conf -o report.html

If you want real-time log analysis:

nohup ./goaccess -f nginx_access.log -p go.conf -o report.html --real-time-html --ws-url=report.xxx.com &

goaccess command parameters:

-a --agent-list: enable a list of user agents by host. For faster parsing, do not enable this
-d --with-output-resolver: enable IP resolution in HTML/JSON output; it uses GeoIP to resolve IPs
-f --log-file: path of the log file to analyze
-p --config-file: path of the configuration file
-o --output: output format; supports HTML, JSON, CSV
-m --with-mouse: enable mouse click support on the dashboard
-q --no-query-string: ignore the query-string part of the request
--real-time-html: generate a real-time HTML report
--daemonize: daemon mode, used with --real-time-html

goaccess date and time format:

%a abbreviated weekday name
%A full weekday name
%b abbreviated month name
%B full month name
%c standard date and time string
%C first two digits of the year
%d day of the month in decimal
%D month/day/year
%e day of the month in a two-character field, in decimal
%F year-month-day
%g two digits of the year, week-based
%G year, week-based
%h abbreviated month name
%H hour, 24-hour clock
%I hour, 12-hour clock
%j day of the year in decimal
%m month in decimal
%M minute in decimal
%n newline
%p local equivalent of AM or PM
%r 12-hour time
%R hours and minutes: hh:mm
%S seconds in decimal
%t horizontal tab
%T hours, minutes and seconds: hh:mm:ss
%u day of the week, Monday as the first day (values 1 to 7, Monday is 1)
%U week number of the year, Sunday as the first day (values 0 to 53)
%V week number of the year, week-based
%w day of the week in decimal (values 0 to 6, Sunday is 0)
%W week number of the year, Monday as the first day (values 0 to 53)
%x standard date string
%X standard time string
%y year without century, in decimal (values 0 to 99)
%Y year with century, in decimal
%z, %Z time zone name; an empty string is returned if the time zone name cannot be obtained
%% percent sign

goaccess format specifiers:

%t time field matching time-format
%d date field matching date-format
%h host (client IP address, IPv4 or IPv6)
%r request line from the client
%m request method
%U URL path
%H request protocol
%s status code of the server response
%b size of the content returned by the server
%R HTTP referer request header field
%u user agent HTTP request header
%D time taken to serve the request, in microseconds
%T time taken to serve the request, in seconds
%^ ignore this field

If the format converted by nginx2goaccess produces errors, write your own using the format specifiers above.

 

I stepped into a lot of pitfalls while getting the log format right; I list them here so that others can avoid repeating them.
(1) By default the log format splits the log information on spaces, so a field that contains special characters such as spaces must be enclosed in "". Examples are the request and http_user_agent fields.
(2) The nginx log format is space-separated, but note that exactly one space must be used. At one point I used two spaces in one place, which directly caused goaccess to report an error.
(3) Each field in the nginx log must correspond one-to-one with the log format; if the log format does not need a particular piece of information from the nginx log, skip it with %^.
(4) For each - in the nginx log, the log format needs a %^ to skip it; if it is "-", use "%^".
(5) If the nginx log information contains a :, it must also appear in the log format. E.g. the nginx log's $time_local contains a :, so the corresponding position in the log format is [%d:%t %^].
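In the conversion result shown earlier, $request_body came out as "%r_body", which is not one of the specifiers listed on this page. As an added sketch (not the nginx2goaccess.sh script and not from the original post), the converter below matches whole variable names and maps anything unknown to %^, and lint() checks pitfalls (1) and (2). The mapping table is taken from the page's own conversion result; the function names are hypothetical.

```python
import re

# nginx variable -> GoAccess specifier, taken from the conversion result
# and the specifier list on this page; anything else is skipped with %^.
SPECIFIERS = {
    "remote_addr": "%h",
    "time_local": "%d:%t %^",
    "request": "%r",
    "status": "%s",
    "bytes_sent": "%b",
    "body_bytes_sent": "%b",
    "http_referer": "%R",
    "http_user_agent": "%u",
}
VAR_RE = re.compile(r"\$\{?([a-z0-9_]+)\}?")

# Fields that can contain spaces and therefore must be quoted (pitfall 1).
SPACED = ("request", "http_user_agent", "http_referer",
          "http_cookie", "request_body")

def to_goaccess(nginx_format):
    """Convert an nginx log_format string, matching whole variable names."""
    return VAR_RE.sub(lambda m: SPECIFIERS.get(m.group(1), "%^"), nginx_format)

def lint(nginx_format):
    """Return warnings for pitfalls (1) and (2) listed above."""
    warnings = []
    if "  " in nginx_format:
        warnings.append("consecutive spaces between fields")
    for name in SPACED:
        # The variable is flagged when no double quote directly precedes it.
        if re.search(r'(?<!")\$\{?%s\}?(?![a-z0-9_])' % name, nginx_format):
            warnings.append("$%s is not quoted" % name)
    return warnings

# The log_format string used on this page.
PAGE_FORMAT = ('$remote_addr $remote_user [$time_local] "$request" $status '
               '$bytes_sent "$http_referer" "$http_user_agent" '
               '"$http_cookie" "$request_body"')
print(to_goaccess(PAGE_FORMAT))
print(lint(PAGE_FORMAT))
```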

 


Origin www.cnblogs.com/lbnnbs/p/12038327.html