How to View Nginx Logs on Command Terminal in Linux

Do you want to know how to view Nginx logs on command terminal in Linux? Then this tutorial will show you how.

Logs allow you to monitor malicious activities, errors, security threats, or other problems in your system. Since web servers often serve many clients, it can be tedious to find out what’s causing the issue and debug them. 

By configuring logs for Nginx, you can obtain detailed information about errors and request processing, both locally and via Syslog.

Now let’s see what you must do to configure and view Nginx logs on the Linux terminal.

Prerequisites

Before jumping into the tutorial, let’s see what things you’ll need first.

• A Linux server(We are using Ubuntu 22.04)
• Nginx installed and enabled on the server
• Root privileges or sudo
• Terminal
• Text editor

How to View Nginx Logs on Command Terminal in Linux

Nginx has two types of logs generally—Acess logs and Error logs. Access logs record all requests to the server; meanwhile, error logs record all kinds of failures and unexpected behaviors. We will dive into more details about the log files, but first, let’s get Nginx installed and running in our system.

Install and Configure Nginx

Installing an Nginx web server on Linux is simple. First, update and upgrade your device. Then install Nginx. Use the following commands:

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install nginx

Output:

When installed, enable Nginx with this command:

$ sudo systemctl enable nginx

Output:

You can start the Nginx server using this command:

$ sudo systemctl start nginx

Set up Nginx Logs

Now that you have Nginx installed, let’s explore the different log files and how to use them. Both types of log files can be found at ‘/var/log/nginx/’. You can verify this by running the below commands:

$ cd /var/log/nginx/
$ ls

Output:

Set up Error Logs

The error_log directive has the following syntax:

error_log file [level];

The first argument file means the location of the log file. The second argument [level] indicates the severity of the log. By default, it’s set to error_log logs/error.log error;

Log levels in the order of increasing severity are: debug, info, notice, warn, error, crit, alert, or emerg. Setting a particular log level means you will receive logs of that level and levels higher than that. So the default error parameter will result in error, crit, alert, and emerg messages being logged.

You can change the minimal severity using this configuration:

error_log /var/log/nginx/error.log warn;

This changes the minimal severity from error to warn. If you omit the severity argument, it’s set to ‘error’.

To do such configurations, all you have to do is open the configuration files and add the lines. Open the Nginx configuration file in nano with this command:

$ sudo nano /etc/nginx/nginx.conf

Output:

Add the error_level directive lines in the http block:

http {
  ...

  error_log  /var/log/nginx/error_log  warn;

  ...

}

To understand the log levels in more depth, so you know which one to use in your case, refer to this listing below:

• debug – Used for debugging purposes and provides the most detailed information about the server’s behavior.
• info – Informational messages that do not indicate an error or warning but are still important to log
• notice – Non-error events that may require attention or indicate potential issues. For example, a notice may be logged when Nginx starts up or shuts down.
• warn – Warnings that indicate potential issues but do not prevent the server from functioning correctly. For example, a warning may be logged when a client sends a malformed request.
• error – Errors that prevent the server from functioning correctly. For example, an error may be logged when a requested file is not found.
• crit – Critical errors that require immediate attention. For example, a crit error may be logged when Nginx cannot start or when there is a problem with the configuration file.
• alert – Errors that require immediate action. For example, an alert may be logged for a security breach or a hardware failure.
• emerg – Emergency situations that require immediate action, such as a system crash or a security breach.

Set up Access Logs

The access_log directive syntax is as follows:

access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]];

The logs are entered in the default format known as combined format unless specified. But you can override the settings using the above directive. Look at the below example:

http {
log_format compression '$remote_addr - $remote_user [$time_local] '

                           '"$request" $status $body_bytes_sent '

                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

    server {

        gzip on;

        access_log /spool/logs/nginx-access.log compression;

        ...

    }

}

This entry extends the default format with values that determine the ratio of gzip compression of the response. Then it’s applied to a virtual server that enables compression. Here’s another example where the log keeps track of multiple time values between NGINX and an upstream server:

http {
log_format upstream_time '$remote_addr - $remote_user [$time_local] '

                             '"$request" $status $body_bytes_sent '

                             '"$http_referer" "$http_user_agent"'

                             'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"';

    server {

        access_log /spool/logs/nginx-access.log upstream_time;

        ...

    }

}

You can also enable conditional logging for Access Logs. To do so, you use the if parameter. So in this below example, you can remove HTTP status codes 2xx (Success) and 3xx (Redirection) requests:

map $status $loggable {
~^[23]  0;

    default 1;

}

access_log /path/to/access.log combined if=$loggable;

Viewing Nginx Logs in the Linux Command Line

Now you have a good idea about different kinds of Nginx logs. Let’s see how you can read them in the Linux terminal.

As we said earlier, the logs can be found in the ‘/var/log/nginx/’ directory. You can open the log files in a text editor such as nano. To do that, use the below commands:

$ sudo nano /var/log/nginx/access.log
$ sudo nano /var/log/nginx/error.log

Output:

You may also use the cat command to read the content in the log files, like this:

$ sudo cat /var/log/nginx/access.log
$ sudo cat /var/log/nginx/error.log 

Output:

The access log doesn’t have any content because there was no client request. The error log does have content because of some problems while starting Nginx. In your case, both files may be empty.

An alternative way to show log files in the terminal is to use the tail command. Here’s how you can use it:

$ sudo tail -f /var/log/nginx/access.log
$ sudo tail -f /var/log/nginx/error.log

Output:

The tail command fetches the last few lines from the file, in this case, the last 10. Adding the -f flag in the command allows you to monitor the logs in real-time as new logs are entered into the file.

One last way we’d like to show you is by using the less command. Use the command like this:

$ sudo less -f /var/log/nginx/access.log
$ sudo less -f /var/log/nginx/error.log

Output:

You will be taken to a separate window that looks like this:

You can scroll with the arrow keys. When done, press ‘q’ to quit.

Final Thoughts

This guide teaches you how to view Nginx logs on the command terminal in Linux. We’ve covered the different types of log files in Nginx, how to configure and set them up, and finally, how you can view their contents in the terminal. You can choose any of the several methods to view the log file. To learn more about logging in Nginx, you can refer to their docs.

If this guide helped you, please share it.