NGINX Logs Explained: Access and Error Log Guide

NGINX logs are the primary data source for monitoring server traffic and quickly resolving issues.
This guide explains how access and error logs work and how to manage them.

What Will You Learn in This Guide?

Tasks of NGINX access and error logs
Location and configuration of log files
Creating custom log formats
Managing error levels and log details
Conducting performance and security analysis with logs

What are NGINX Logs?

NGINX keeps two types of logs by default:

Access Log: Records visitor requests
Error Log: Records server errors and warnings

On Linux systems, logs are usually in the following directory:

/var/log/nginx/

This directory contains access.log and error.log files.

What is NGINX Access Log?

Access log records every incoming HTTP request.

The following information is included in these logs:

Client IP address
Requested URL
HTTP status code
Browser information
Response size

These logs are used for traffic analysis and attack detection.

How to Enable Access Log?

Access log is usually on by default in the http block.

http {
    access_log /var/log/nginx/access.log;
}

This configuration collects all sites in one file.

Site Based Access Log Usage

It is recommended to keep separate logs for each domain name.

server {
    listen 80;
    server_name domain1.com;
    access_log /var/log/nginx/domain1.access.log;
}

This setting provides site-specific traffic analysis.

Creating a Custom Access Log Format

If the default format is not sufficient, you can define a custom format.

log_format custom '$remote_addr [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_user_agent"';

Link this format to the log file:

access_log /var/log/nginx/domain1.access.log custom;

This configuration shows request details more clearly.

What is NGINX Error Log?

Error log records configuration errors and operational problems.
This is the first place to look if NGINX stops working or behaves unexpectedly.

How to Enable Error Log?

error_log /var/log/nginx/error.log warn;

This configuration records warnings and above errors.

Site Based Error Log

server {
    server_name domain1.com;
    error_log /var/log/nginx/domain1.error.log error;
}

This method makes it easier to isolate the source of error.

NGINX Error Log Levels

NGINX error levels operate in order of severity:

emerg: System cannot work
alert: Urgent intervention required
crit: Critical error
error: Operation failed

5.warn: Warning

notice: Information
info: Detailed information
debug: Most verbose output

The higher level includes the lower levels.

How to Increase Log Detail Level?

The debug level can be turned on temporarily while troubleshooting.

error_log /var/log/nginx/error.log debug;

Reinstall NGINX after change:

sudo systemctl reload nginx

It is not recommended to debug for a long time in a production environment.

Performance and Security Analysis with Logs

The following analyzes can be made with access logs:

Slow endpoint detection
Incorrect request density
Bot and browser distinction
Suspicious IP behavior

Sample performance format:

log_format perf '$remote_addr "$request" $status '
                '$request_time $upstream_response_time';

Managing Log File Size (logrotate)

NGINX logs are not returned automatically.
Logrotate is used on Linux systems.

/var/log/nginx/*.log {
    daily
    rotate 14
    compress
    missingok
    notifempty
    postrotate
        systemctl reload nginx > /dev/null
    endscript
}

This structure prevents disk overflow.

Frequently Asked Questions (FAQ)

1. Where are NGINX logs kept? By default, they are in the /var/log/nginx/ directory.

2. Can access log be turned off? Yes, access_log off; It can be closed with .

3. Can error log be turned off completely? Yes, /dev/null redirection is possible.

error_log /dev/null;

4. How to do real-time log monitoring?

tail -f /var/log/nginx/access.log

5. Why are logs important for security? Attacks, brute-force and abnormal requests are detected from logs.

Result

NGINX access and error logs are indispensable for system health. Properly configured logs increase performance and security.

Standardize log management for enterprise infrastructures. For high-performance and secure servers, you can try it immediately on the GenixNode infrastructure.