nginx logging

# logging
access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
error_log /var/log/nginx/error.log warn;

The access_log directive specifies the location and format of the access log, which records all requests processed by the server. In this case, the access log is stored at /var/log/nginx/access.log and uses the combined log format. The combined format includes detailed information about each request, such as the client IP address, request method, requested URL, HTTP status code, and user agent.

Additionally, the access_log directive includes two optional parameters: buffer and flush. The buffer=512k parameter sets a buffer size of 512 kilobytes for the access log. This means that log entries are temporarily stored in memory until the buffer is full. The flush=1m parameter specifies that the buffer should be flushed to disk every minute, even if it is not full. These parameters help improve performance by reducing the frequency of disk writes, while still ensuring that log data is periodically saved.

The error_log directive specifies the location and log level for the error log, which records any errors encountered by the server. In this case, the error log is stored at /var/log/nginx/error.log, and the log level is set to warn. The warn log level includes warnings, errors, and critical messages, providing a balance between verbosity and relevance.

When I run ls /var/log/nginx/access.log I see access.log -> /dev/stdout in the output of the ls command, it indicates that access.log is a symbolic link (symlink) pointing to /dev/stdout.

A symbolic link is a type of file that points to another file or directory. It acts as a shortcut, allowing you to reference the target file or directory using a different name or path.

/dev/stdout is a special file in Unix-like operating systems that represents the standard output stream. When a program writes to /dev/stdout, the output is directed to the terminal or the output stream of the parent process.

In the context of NGINX logging, configuring access.log to point to /dev/stdout is commonly used in containerised environments, such as Docker. This setup allows the logs to be captured and managed by the container runtime, making it easier to aggregate and monitor logs from multiple containers.

If you want to see the logs for nginx container, you don't need to go into the container or map a volume for logs, you simply check the Docker container logs:

docker logs -f --timestamps nginx-container-name

I used -f (or --follow) option to tail the logs of a Docker container and have them automatically update when new logs are generated. This is similar to using the tail -f command on a log file.

Note that we're flushing logs every minute so the logs will be refreshed every minute and not immediately.