Nginx 的 access log 默认是以空格分隔的字符串形式记录的,格式如下
log_format proxy '[$time_local] $remote_addr ' '$protocol $status $bytes_received $bytes_sent ' '$session_time "$upstream_addr" ' '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time" $upstream_session_time';
官方支持json格式
| Syntax: | log_format |
|---|---|
| Default: | — |
| Context: | stream |
Specifies the log format, for example:
log_format proxy '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
The escape parameter (1.11.8) allows setting json or default characters escaping in variables, by default, default escaping is used. The none parameter (1.13.10) disables escaping.
这里需要注意的是从 1.11.8 开始 Nginx 已经支持 json 格式,如果版本低于这个建议使用 nginx-http-json-log 扩展
log_format json_combined escape=json '{"@timestamp":"$time_iso8601",' '"@source":"$server_addr",' '"@nginx_fields":{' '"remote_addr":"$remote_addr",' '"remote_user":"$remote_user",' '"body_bytes_sent":"$body_bytes_sent",' '"request_time":"$request_time",' '"status":"$status",' '"host":"$host",' '"uri":"$uri",' '"server":"$server_name",' '"port":"$server_port",' '"protocol":"$server_protocol",' '"request_uri":"$request_uri",' '"request_body":"$request_body",' '"request_method":"$request_method",' '"http_referrer":"$http_referer",' '"body_bytes_sent":"$body_bytes_sent",' '"http_x_forwarded_for":"$http_x_forwarded_for",' '"http_user_agent":"$http_user_agent",' '"upstream_response_time":"$upstream_response_time",' '"upstream_addr":"$upstream_addr"}}';
json格式比较直观,但数据量会变大