List of variables in log format NGINX
$ancient_browser equals the value set by the ancient_browser_value directive, if a browser was identified as ancient $arg_ argument in the request line $args arguments in the request line $binary_remote_addr client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses $body_bytes_sent number of bytes sent to a client, not counting the response header; this variable is compatible with the “%B” parameter of the mod_log_config Apache module $bytes_sent number of bytes sent to a client (1.3.8, 1.2.5) $connection connection serial number (1.3.8, 1.2.5) $connection_requests current number of requests made through a connection (1.3.8, 1.2.5) $connections_active same as the Active connections value $connections_reading same as the Reading value $connections_waiting same as the Waiting value $connections_writing same as the Writing value $content_length “Content-Length” request header field $content_type “Content-Type” request header field $cookie_ the named cookie $date_gmt current time in GMT. The format is set by the config command with the timefmt parameter $date_local current time in the local time zone. The format is set by the config command with the timefmt parameter $document_root root or alias directive’s value for the current request $document_uri same as $uri $fastcgi_path_info the value of the second capture set by the fastcgi_split_path_info directive. This variable can be used to set the PATH_INFO parameter $fastcgi_script_name request URI or, if a URI ends with a slash, request URI with an index file name configured by the fastcgi_index directive appended to it. This variable can be used to set the SCRIPT_FILENAME and PATH_TRANSLATED parameters that determine the script name in PHP. For example, for the “/info/” request with the following directives fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name; the SCRIPT_FILENAME parameter will be equal to “/home/www/scripts/php/info/index.php” $geoip_area_code telephone area code (US only) $geoip_city city name, for example, “Moscow”, “Washington” $geoip_city_continent_code two-letter continent code, for example, “EU”, “NA” $geoip_city_country_code two-letter country code, for example, “RU”, “US” $geoip_city_country_code3 three-letter country code, for example, “RUS”, “USA” $geoip_city_country_name country name, for example, “Russian Federation”, “United States” $geoip_country_code two-letter country code, for example, “RU”, “US” $geoip_country_code3 three-letter country code, for example, “RUS”, “USA” $geoip_country_name country name, for example, “Russian Federation”, “United States” $geoip_dma_code DMA region code in US (also known as “metro code”), according to the geotargeting in Google AdWords API $geoip_latitude latitude $geoip_longitude longitude $geoip_org organization name, for example, “The University of Melbourne” $geoip_postal_code postal code $geoip_region two-symbol country region code (region, territory, state, province, federal land and the like), for example, “48”, “DC” $geoip_region_name country region name (region, territory, state, province, federal land and the like), for example, “Moscow City”, “District of Columbia” $gzip_ratio achieved compression ratio, computed as the ratio between the original and compressed response sizes $host in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request $hostname host name $http2 negotiated protocol identifier: “h2” for HTTP/2 over TLS, “h2c” for HTTP/2 over cleartext TCP, or an empty string otherwise $http_ arbitrary request header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores. Examples: $http_referer, $http_user_agent $https “on” if connection operates in SSL mode, or an empty string otherwise $invalid_referer Empty string, if the “Referer” request header field value is considered valid, otherwise “1” $is_args “?” if a request line has arguments, or an empty string otherwise $limit_rate setting this variable enables response rate limiting; see limit_rate $memcached_key Defines a key for obtaining response from a memcached server $modern_browser equals the value set by the modern_browser_value directive, if a browser was identified as modern $msec current time in seconds with the milliseconds resolution (1.3.9, 1.2.6) $msie equals “1” if a browser was identified as MSIE of any version $nginx_version nginx version $pid PID of the worker process $pipe “p” if request was pipelined, “.” otherwise (1.3.12, 1.2.7) $proxy_add_x_forwarded_for the “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable $proxy_host name and port of a proxied server as specified in the proxy_pass directive $proxy_port port of a proxied server as specified in the proxy_pass directive, or the protocol’s default port $proxy_protocol_addr client address from the PROXY protocol header, or an empty string otherwise (1.5.12). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive. $proxy_protocol_port client port from the PROXY protocol header, or an empty string otherwise (1.11.0). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive. $query_string same as $args $realip_remote_addr keeps the original client address (1.9.7) $realip_remote_port keeps the original client port (1.11.0) $realpath_root an absolute pathname corresponding to the root or alias directive’s value for the current request, with all symbolic links resolved to real paths $remote_addr client address $remote_port client port $remote_user user name supplied with the Basic authentication $request full original request line $request_body request bod. The variable’s value is made available in locations processed by the proxy_pass, fastcgi_pass, uwsgi_pass, and scgi_pass directives. $request_body_file name of a temporary file with the request body. At the end of processing, the file needs to be removed. To always write the request body to a file, client_body_in_file_only needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGI/uwsgi/SCGI server, passing the request body should be disabled by the proxy_pass_request_body off, fastcgi_pass_request_body off, uwsgi_pass_request_body off, or scgi_pass_request_body off directives, respectively. $request_completion “OK” if a request has completed, or an empty string otherwise $request_filename file path for the current request, based on the root or alias directives, and the request URI $request_id unique request identifier generated from 16 random bytes, in hexadecimal (1.11.0) $request_length request length (including request line, header, and request body) (1.3.12, 1.2.7) $request_method request method, usually “GET” or “POST” $request_time request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client $request_uri full original request URI (with arguments) $scheme request scheme, “http” or “https” $secure_link The status of a link check. The specific value depends on the selected operation mode $secure_link_expires The lifetime of a link passed in a request; intended to be used only in the secure_link_md5 directive $sent_http_ arbitrary response header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores $server_addr an address of the server which accepted a request. Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter. $server_name name of the server which accepted a request $server_port port of the server which accepted a request $server_protocol request protocol, usually “HTTP/1.0”, “HTTP/1.1”, or “HTTP/2.0” $session_log_binary_id current session ID in binary form (16 bytes) $session_log_id current session ID $slice_range the current slice range in HTTP byte range format, for example, bytes=0-1048575 $spdy SPDY protocol version for SPDY connections, or an empty string otherwise $spdy_request_priority request priority for SPDY connections, or an empty string otherwise $ssl_cipher returns the string of ciphers used for an established SSL connection $ssl_client_cert returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character; this is intended for the use in the proxy_set_header directive $ssl_client_fingerprint returns the SHA1 fingerprint of the client certificate for an established SSL connection (1.7.1) $ssl_client_i_dn returns the “issuer DN” string of the client certificate for an established SSL connection $ssl_client_raw_cert returns the client certificate in the PEM format for an established SSL connection $ssl_client_s_dn returns the “subject DN” string of the client certificate for an established SSL connection $ssl_client_serial returns the serial number of the client certificate for an established SSL connection $ssl_client_verify returns the result of client certificate verification: “SUCCESS”, “FAILED”, and “NONE” if a certificate was not present $ssl_protocol returns the protocol of an established SSL connection $ssl_server_name returns the server name requested through SNI (1.7.0) $ssl_session_id returns the session identifier of an established SSL connection $ssl_session_reused returns “r” if an SSL session was reused, or “.” otherwise (1.5.11) $status response status (1.3.2, 1.2.2) $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, $tcpinfo_rcv_space information about the client TCP connection; available on systems that support the TCP_INFO socket option $time_iso8601 local time in the ISO 8601 standard format (1.3.12, 1.2.7) $time_local local time in the Common Log Format (1.3.12, 1.2.7) $uid_got The cookie name and received client identifier $uid_reset If the variable is set to a non-empty string that is not “0”, the client identifiers are reset. The special value “log” additionally leads to the output of messages about the reset identifiers to the error_log $uid_set The cookie name and sent client identifier $upstream_addr keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock”. If an internal redirect from one server group to another happens, initiated by “X-Accel-Redirect” or error_page, then the server addresses from different groups are separated by colons, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80” $upstream_cache_status keeps the status of accessing a response cache (0.8.3). The status can be either “MISS”, “BYPASS”, “EXPIRED”, “STALE”, “UPDATING”, “REVALIDATED”, or “HIT” $upstream_connect_time time spent on establishing a connection with an upstream server $upstream_cookie_ cookie with the specified name sent by the upstream server in the “Set-Cookie” response header field (1.7.1). Only the cookies from the response of the last server are saved $upstream_header_time time between establishing a connection and receiving the first byte of the response header from the upstream server $upstream_http_ keep server response header fields. For example, the “Server” response header field is available through the $upstream_http_server variable. The rules of converting header field names to variable names are the same as for the variables that start with the “$http_” prefix. Only the header fields from the response of the last server are saved $upstream_response_length keeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the $upstream_addr variable $upstream_response_time time between establishing a connection and receiving the last byte of the response body from the upstream server $upstream_status keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the $upstream_addr variable $uri current URI in request, normalized. The value of $uri may change during request processing, e.g. when doing internal redirects, or when using index files.
Declare log format in http block:
log_format upstream_time '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"' 'rt=$request_time uct="$upstream_connect_time";
//in the section to log use this access_log /spool/logs/nginx-access.log upstream_time;
18 thoughts on “List of variables in log format NGINX”
Magnificent web site. Lots of useful information here.
I am sending it to a few friends ans also sharing in delicious.
And of course, thank you for your sweat!
Can I play an ambush card even if the opponent didn’t attack?
awesome, do you mind if I share this?
Its like you read my mind! You appear to know so much about this, like you wrote
the book in it or something. I think that you can do with some pics to drive the
message home a little bit, but other than that, this is excellent blog.
A fantastic read. I will definitely be back.
If you desire to increase your experience simply keep
visiting this web site and be updated with the most up-to-date gossip posted here.
Wow that was strange. I just wrote an extremely long comment
but after I clicked submit my comment didn’t appear.
Grrrr… well I’m not writing all that over again. Anyways,
just wanted to say excellent blog!
Please try again. I am interested in your feedback.
I seriously love your website.. Pleasant colors & theme.
Did you make this website yourself? Please reply
back as I’m wanting to create my very own website and would love
to know where you got this from or what the theme is named.
Thanks for interest to our activity.
Let’s continue our dialogue.
Please contact me on contact form or write by email.
Wait for your message.
you’re really a just right webmaster. The site loading pace is amazing.
It sort of feels that you’re doing any unique trick.
In addition, The contents are masterwork. you have done a wonderful task in this
Magnificent goods from you, man. I have understand your stuff previous to
and you are just extremely great. I really like what you’ve acquired here, really like what you’re stating and the way in which you say it.
You make it enjoyable and you still care for to keep
it sensible. I cant wait to read much more from you. This is
actually a great site.
whoah this blog is excellent i like studying
your articles. Keep up the great work! You realize, lots of individuals are
hunting round for this information, you can help them greatly.
wonderful points altogether, you just won a brand new
reader. What may you suggest in regards to your publish that
you simply made a few days ago? Any sure?
Appreciаte thіs post. Lеt me tгy it out.
I was suggested this website by my cousin. I’m not sure
whether this post is written by him as no one else know such detailed about my trouble.
You are amazing! Thanks!
Thank you for the good writeup. It in fact
was a amusement account it. Look advanced to far added agreeable from you!
By the way, how could we communicate?
Thanks for interested in my information.
Please contact me on the contact page.