ScAlAn

List of variables in log format NGINX

Variables:

$ancient_browser            equals the value set by the ancient_browser_value directive, if a browser was identified as ancient
$arg_                       argument in the request line
$args                       arguments in the request line
$binary_remote_addr         client address in a binary form, value’s length is always 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses
$body_bytes_sent            number of bytes sent to a client, not counting the response header; this variable is compatible with the “%B” parameter of the mod_log_config Apache module
$bytes_sent                 number of bytes sent to a client (1.3.8, 1.2.5)
$connection                 connection serial number (1.3.8, 1.2.5)
$connection_requests        current number of requests made through a connection (1.3.8, 1.2.5)
$connections_active         same as the Active connections value
$connections_reading        same as the Reading value
$connections_waiting        same as the Waiting value
$connections_writing        same as the Writing value
$content_length             “Content-Length” request header field
$content_type               “Content-Type” request header field
$cookie_                    the named cookie
$date_gmt                   current time in GMT. The format is set by the config command with the timefmt parameter
$date_local                 current time in the local time zone. The format is set by the config command with the timefmt parameter
$document_root              root or alias directive’s value for the current request
$document_uri               same as $uri
$fastcgi_path_info          the value of the second capture set by the fastcgi_split_path_info directive. This variable can be used to set the PATH_INFO parameter
$fastcgi_script_name        request URI or, if a URI ends with a slash, request URI with an index file name configured by the fastcgi_index directive appended to it. This variable can be used to set the SCRIPT_FILENAME and PATH_TRANSLATED parameters that determine the script name in PHP. For example, for the “/info/” request with the following directives
                                fastcgi_index index.php;
                                fastcgi_param SCRIPT_FILENAME /home/www/scripts/php$fastcgi_script_name;
                            the SCRIPT_FILENAME parameter will be equal to “/home/www/scripts/php/info/index.php”
$geoip_area_code            telephone area code (US only)
$geoip_city                 city name, for example, “Moscow”, “Washington”
$geoip_city_continent_code  two-letter continent code, for example, “EU”, “NA”
$geoip_city_country_code    two-letter country code, for example, “RU”, “US”
$geoip_city_country_code3   three-letter country code, for example, “RUS”, “USA”
$geoip_city_country_name    country name, for example, “Russian Federation”, “United States”
$geoip_country_code         two-letter country code, for example, “RU”, “US”
$geoip_country_code3        three-letter country code, for example, “RUS”, “USA”
$geoip_country_name         country name, for example, “Russian Federation”, “United States”
$geoip_dma_code             DMA region code in US (also known as “metro code”), according to the geotargeting in Google AdWords API
$geoip_latitude             latitude
$geoip_longitude            longitude
$geoip_org                  organization name, for example, “The University of Melbourne”
$geoip_postal_code          postal code
$geoip_region               two-symbol country region code (region, territory, state, province, federal land and the like), for example, “48”, “DC”
$geoip_region_name          country region name (region, territory, state, province, federal land and the like), for example, “Moscow City”, “District of Columbia”
$gzip_ratio                 achieved compression ratio, computed as the ratio between the original and compressed response sizes
$host                       in this order of precedence: host name from the request line, or host name from the “Host” request header field, or the server name matching a request 
$hostname                   host name
$http2                      negotiated protocol identifier: “h2” for HTTP/2 over TLS, “h2c” for HTTP/2 over cleartext TCP, or an empty string otherwise
$http_                      arbitrary request header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores. Examples: $http_referer, $http_user_agent
$https                      “on” if connection operates in SSL mode, or an empty string otherwise
$invalid_referer            Empty string, if the “Referer” request header field value is considered valid, otherwise “1”
$is_args                    “?” if a request line has arguments, or an empty string otherwise
$limit_rate                 setting this variable enables response rate limiting; see limit_rate
$memcached_key              Defines a key for obtaining response from a memcached server
$modern_browser             equals the value set by the modern_browser_value directive, if a browser was identified as modern
$msec                       current time in seconds with the milliseconds resolution (1.3.9, 1.2.6)
$msie                       equals “1” if a browser was identified as MSIE of any version
$nginx_version              nginx version
$pid                        PID of the worker process
$pipe                       “p” if request was pipelined, “.” otherwise (1.3.12, 1.2.7)
$proxy_add_x_forwarded_for  the “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable
$proxy_host                 name and port of a proxied server as specified in the proxy_pass directive
$proxy_port                 port of a proxied server as specified in the proxy_pass directive, or the protocol’s default port
$proxy_protocol_addr        client address from the PROXY protocol header, or an empty string otherwise (1.5.12). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
$proxy_protocol_port        client port from the PROXY protocol header, or an empty string otherwise (1.11.0). the PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
$query_string               same as $args
$realip_remote_addr         keeps the original client address (1.9.7)
$realip_remote_port         keeps the original client port (1.11.0)
$realpath_root              an absolute pathname corresponding to the root or alias directive’s value for the current request, with all symbolic links resolved to real paths 
$remote_addr                client address
$remote_port                client port
$remote_user                user name supplied with the Basic authentication
$request                    full original request line
$request_body               request bod. The variable’s value is made available in locations processed by the proxy_pass, fastcgi_pass, uwsgi_pass, and scgi_pass directives.
$request_body_file          name of a temporary file with the request body. At the end of processing, the file needs to be removed. To always write the request body to a file, client_body_in_file_only needs to be enabled. When the name of a temporary file is passed in a proxied request or in a request to a FastCGI/uwsgi/SCGI server, passing the request body should be disabled by the proxy_pass_request_body off, fastcgi_pass_request_body off, uwsgi_pass_request_body off, or scgi_pass_request_body off directives, respectively.
$request_completion         “OK” if a request has completed, or an empty string otherwise
$request_filename           file path for the current request, based on the root or alias directives, and the request URI
$request_id                 unique request identifier generated from 16 random bytes, in hexadecimal (1.11.0)
$request_length             request length (including request line, header, and request body) (1.3.12, 1.2.7)
$request_method             request method, usually “GET” or “POST”
$request_time               request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client
$request_uri                full original request URI (with arguments)
$scheme                     request scheme, “http” or “https”
$secure_link                The status of a link check. The specific value depends on the selected operation mode
$secure_link_expires        The lifetime of a link passed in a request; intended to be used only in the secure_link_md5 directive
$sent_http_                 arbitrary response header field; the last part of the variable name is the field name converted to lower case with dashes replaced by underscores
$server_addr                an address of the server which accepted a request. Computing a value of this variable usually requires one system call. To avoid a system call, the listen directives must specify addresses and use the bind parameter.
$server_name                name of the server which accepted a request
$server_port                port of the server which accepted a request
$server_protocol            request protocol, usually “HTTP/1.0”, “HTTP/1.1”, or “HTTP/2.0”
$session_log_binary_id      current session ID in binary form (16 bytes)
$session_log_id             current session ID
$slice_range                the current slice range in HTTP byte range format, for example, bytes=0-1048575
$spdy                       SPDY protocol version for SPDY connections, or an empty string otherwise
$spdy_request_priority      request priority for SPDY connections, or an empty string otherwise
$ssl_cipher                 returns the string of ciphers used for an established SSL connection
$ssl_client_cert            returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character; this is intended for the use in the proxy_set_header directive
$ssl_client_fingerprint     returns the SHA1 fingerprint of the client certificate for an established SSL connection (1.7.1)
$ssl_client_i_dn            returns the “issuer DN” string of the client certificate for an established SSL connection
$ssl_client_raw_cert        returns the client certificate in the PEM format for an established SSL connection
$ssl_client_s_dn            returns the “subject DN” string of the client certificate for an established SSL connection
$ssl_client_serial          returns the serial number of the client certificate for an established SSL connection
$ssl_client_verify          returns the result of client certificate verification: “SUCCESS”, “FAILED”, and “NONE” if a certificate was not present
$ssl_protocol               returns the protocol of an established SSL connection
$ssl_server_name            returns the server name requested through SNI (1.7.0)
$ssl_session_id             returns the session identifier of an established SSL connection
$ssl_session_reused         returns “r” if an SSL session was reused, or “.” otherwise (1.5.11)
$status                     response status (1.3.2, 1.2.2)
$tcpinfo_rtt, 
$tcpinfo_rttvar, 
$tcpinfo_snd_cwnd, 
$tcpinfo_rcv_space          information about the client TCP connection; available on systems that support the TCP_INFO socket option
$time_iso8601               local time in the ISO 8601 standard format (1.3.12, 1.2.7)
$time_local                 local time in the Common Log Format (1.3.12, 1.2.7)
$uid_got                    The cookie name and received client identifier
$uid_reset                  If the variable is set to a non-empty string that is not “0”, the client identifiers are reset. The special value “log” additionally leads to the output of messages about the reset identifiers to the error_log
$uid_set                    The cookie name and sent client identifier
$upstream_addr              keeps the IP address and port, or the path to the UNIX-domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock”. If an internal redirect from one server group to another happens, initiated by “X-Accel-Redirect” or error_page, then the server addresses from different groups are separated by colons, e.g. “192.168.1.1:80, 192.168.1.2:80, unix:/tmp/sock : 192.168.10.1:80, 192.168.10.2:80”
$upstream_cache_status      keeps the status of accessing a response cache (0.8.3). The status can be either “MISS”, “BYPASS”, “EXPIRED”, “STALE”, “UPDATING”, “REVALIDATED”, or “HIT”
$upstream_connect_time      time spent on establishing a connection with an upstream server
$upstream_cookie_           cookie with the specified name sent by the upstream server in the “Set-Cookie” response header field (1.7.1). Only the cookies from the response of the last server are saved
$upstream_header_time       time between establishing a connection and receiving the first byte of the response header from the upstream server
$upstream_http_             keep server response header fields. For example, the “Server” response header field is available through the $upstream_http_server variable. The rules of converting header field names to variable names are the same as for the variables that start with the “$http_” prefix. Only the header fields from the response of the last server are saved
$upstream_response_length   keeps the length of the response obtained from the upstream server (0.7.27); the length is kept in bytes. Lengths of several responses are separated by commas and colons like addresses in the $upstream_addr variable
$upstream_response_time     time between establishing a connection and receiving the last byte of the response body from the upstream server
$upstream_status            keeps status code of the response obtained from the upstream server. Status codes of several responses are separated by commas and colons like addresses in the $upstream_addr variable
$uri                        current URI in request, normalized. The value of $uri may change during request processing, e.g. when doing internal redirects, or when using index files.

Declare log format in http block:

log_format upstream_time '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_referer" "$http_user_agent"'
                         'rt=$request_time uct="$upstream_connect_time";

Usage format:

 //in the section to log use this    
 access_log /spool/logs/nginx-access.log upstream_time;

16 thoughts on “List of variables in log format NGINX

  1. Magnificent web site. Lots of useful information here.
    I am sending it to a few friends ans also sharing in delicious.
    And of course, thank you for your sweat!

  2. Its like you read my mind! You appear to know so much about this, like you wrote
    the book in it or something. I think that you can do with some pics to drive the
    message home a little bit, but other than that, this is excellent blog.

    A fantastic read. I will definitely be back.

  3. If you desire to increase your experience simply keep
    visiting this web site and be updated with the most up-to-date gossip posted here.

  4. Wow that was strange. I just wrote an extremely long comment
    but after I clicked submit my comment didn’t appear.

    Grrrr… well I’m not writing all that over again. Anyways,
    just wanted to say excellent blog!

  5. I seriously love your website.. Pleasant colors & theme.
    Did you make this website yourself? Please reply
    back as I’m wanting to create my very own website and would love
    to know where you got this from or what the theme is named.
    Thanks!

    1. Hello.

      Thanks for interest to our activity.
      Let’s continue our dialogue.
      Please contact me on contact form or write by email.
      Wait for your message.

      Thanks.

  6. you’re really a just right webmaster. The site loading pace is amazing.
    It sort of feels that you’re doing any unique trick.

    In addition, The contents are masterwork. you have done a wonderful task in this
    topic!

  7. Magnificent goods from you, man. I have understand your stuff previous to
    and you are just extremely great. I really like what you’ve acquired here, really like what you’re stating and the way in which you say it.

    You make it enjoyable and you still care for to keep
    it sensible. I cant wait to read much more from you. This is
    actually a great site.

  8. whoah this blog is excellent i like studying
    your articles. Keep up the great work! You realize, lots of individuals are
    hunting round for this information, you can help them greatly.

  9. wonderful points altogether, you just won a brand new
    reader. What may you suggest in regards to your publish that
    you simply made a few days ago? Any sure?

  10. I was suggested this website by my cousin. I’m not sure
    whether this post is written by him as no one else know such detailed about my trouble.

    You are amazing! Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *