WEBVTT

00:01.000 --> 00:05.620
Logging facilities, something which is very important for any program.

00:06.070 --> 00:12.550
So specifically, if you are a developer, you need log files to help you determine what exactly is

00:12.550 --> 00:15.730
happening inside the program.

00:16.270 --> 00:23.860
So as far as engineering is concerned, Nginx helps a great deal through its logs.

00:24.880 --> 00:26.670
So let me give an example.

00:26.680 --> 00:33.490
So through Nginx log, you can actually determine from which country the visitor is coming from.

00:33.490 --> 00:40.000
What is the IP address of the visitor or what in the website a visitor is trying to access.

00:40.840 --> 00:48.850
You can also determine from which platform a visitor is coming from, maybe Android, Windows, Linux

00:48.850 --> 00:50.440
and from which browser

00:50.440 --> 00:51.190
the

00:52.070 --> 00:54.290
visitor is opening the website from.

00:54.500 --> 00:59.840
So there are a lot of things that you can actually get from the logs.

01:00.920 --> 01:06.380
So if you talk about Nginx logs, there are two types of logs.

01:06.410 --> 01:10.190
One is the access log and one is the error log.

01:11.570 --> 01:16.640
So in this video, we'll be talking more about the access logs.

01:17.760 --> 01:19.530
So I'll just write access log.

01:19.530 --> 01:22.890
So this is something that we'll cover in this chapter.

01:24.180 --> 01:33.960
So Nginx basically writes information about the client request in the access log after the request

01:33.960 --> 01:35.130
is processed.

01:35.700 --> 01:42.360
So if this is a client so I'll say this is a client and this is a server.

01:43.410 --> 01:47.630
So we already know HTTP is a request-response based protocol.

01:47.640 --> 01:54.480
So if a client sends a request to the Nginx, Nginx will send some kind of a response back.

01:55.110 --> 01:58.890
Now, this response will have some kind of a status code.

01:58.890 --> 02:00.570
So maybe it is 200

02:00.570 --> 02:01.020
OK.

02:01.020 --> 02:07.830
Or it is 404 or it is a 500 internal server error or so many other things.

02:09.590 --> 02:16.010
Now, basically all of these are considered as some kind of a response.

02:18.860 --> 02:21.800
So in the access log,

02:22.960 --> 02:26.890
Nginx will store the response.

02:26.890 --> 02:34.240
Or you can say Nginx writes the information about the client request right after the request is processed.

02:35.600 --> 02:37.850
So all of this information

02:39.980 --> 02:42.260
is stored in the access log.

02:42.710 --> 02:46.310
So let me give you an example for this.

02:46.400 --> 02:47.390
So.

02:49.630 --> 02:51.070
Let's minimize this.

02:53.960 --> 02:56.690
And let's go back to the

03:00.310 --> 03:00.940
logs.

03:01.390 --> 03:07.450
So if I go to /var/log/nginx.

03:11.880 --> 03:15.210
Let's do an ls on /var/log/nginx.

03:18.390 --> 03:21.450
And you find that there are two types of logs.

03:21.450 --> 03:24.270
One is the access log and one is the error log.

03:24.690 --> 03:29.520
So let's open access log and see what exactly is there in it.

03:32.160 --> 03:35.220
/var/log/nginx/access.log.

03:38.730 --> 03:46.860
So a lot of things on the basic overview, you can find that there is an IP address over here.

03:48.550 --> 03:59.050
So just so you can find the IP address, you can find the date and time, you can find the type of request

03:59.080 --> 04:01.990
GET or POST or whatever you want.

04:02.020 --> 04:07.420
You can even find the browser as well as the operating system version.

04:07.660 --> 04:13.450
And maybe this is a user agent string and so many other things.

04:13.600 --> 04:16.360
So from this request.

04:17.520 --> 04:28.410
And we can find that a client from this IP address at this time on 21st October, he tried to send a

04:28.440 --> 04:32.880
GET request using HTTP protocol 1.1.

04:34.310 --> 04:39.230
And on that, Nginx gave a 404 response back.

04:39.260 --> 04:41.450
That means page not found.

04:42.640 --> 04:48.120
So this is something that you can take out from the log files.

04:49.530 --> 04:56.130
Now talking about access log, there is already a predetermined format through which a log file is stored.

04:56.900 --> 05:00.530
So if we go to the Nginx configuration file.

05:06.690 --> 05:09.090
So let's go below.

05:09.090 --> 05:12.870
And if we look into the log_format.

05:12.900 --> 05:18.750
Now log_format is a directive which is brought by the Nginx logging module.

05:19.140 --> 05:26.970
So by default logging module is precompiled when you install nginx and that module brings the

05:26.970 --> 05:28.050
log_format directive.

05:32.160 --> 05:36.900
Now inside the log_format, we give a name of a format.

05:36.900 --> 05:38.040
So this is main.

05:38.040 --> 05:40.680
So this is something that you can change accordingly.

05:42.470 --> 05:43.690
Followed by the name.

05:43.700 --> 05:46.490
There are some variables which are being assigned.

05:46.520 --> 05:54.140
Now, these variables correspond directly to the type of logs which are stored in the nginx.

05:54.680 --> 05:57.350
So let's do a mapping.

05:57.350 --> 06:01.460
So let me do a tail -f on

06:04.010 --> 06:05.630
/var/log/nginx/access.log.

06:10.880 --> 06:19.000
So this looks like some kind of a hacking incident which people are trying to make

06:19.010 --> 06:19.670
on the server.

06:20.270 --> 06:24.440
Anyways, so we'll talk about security maybe sometime later.

06:25.100 --> 06:27.020
Let's say let me open this.

06:27.020 --> 06:30.700
My jpeg and the image is loaded.

06:30.710 --> 06:34.190
So if you go inside the log, you see this is the

06:36.850 --> 06:38.200
log format.

06:40.900 --> 06:42.430
So let's open.

06:43.150 --> 06:50.380
Let's split the screen so that we can actually determine what exactly these fields are.

06:50.470 --> 06:53.830
So let me split the screens and let's do a vertical split.

06:56.030 --> 06:56.480
Okay.

06:59.150 --> 07:00.200
So.

07:01.980 --> 07:03.450
Actually, I did.

07:05.720 --> 07:06.200
Yeah.

07:06.200 --> 07:10.760
So this seems much better since we are able to read the entire log file.

07:11.960 --> 07:13.400
So let me go down.

07:15.720 --> 07:16.230
Okay.

07:16.350 --> 07:21.090
So the first portion of the access log is the variable remote_addr.

07:21.240 --> 07:27.210
So remote_addr basically is the IP address of the client who is trying to connect.

07:27.240 --> 07:32.700
So here you see the first field that you will find over here is the remote_addr field, which is the

07:32.700 --> 07:33.630
IP address.

07:36.310 --> 07:37.720
Followed by the

07:37.730 --> 07:41.290
remote_addr is a hyphen, so you'll see a hyphen over here.

07:41.950 --> 07:45.550
Then is a variable remote_user.

07:45.640 --> 07:49.360
Now remote_user is basically a field

07:49.810 --> 07:53.830
when you do an HTTP basic authentication.

07:54.100 --> 07:58.800
So in HTTP basic authentication, we provide a username and a password.

07:58.810 --> 08:04.150
So this variable corresponds to the username. As there is no basic authentication,

08:05.190 --> 08:08.520
you will find that you are going to have a hyphen.

08:13.310 --> 08:15.440
I just messed up.

08:15.650 --> 08:17.600
Let's clear the screen.

08:20.100 --> 08:21.540
And let's open the log file again.

08:24.230 --> 08:24.740
Okay.

08:25.780 --> 08:31.570
So after remote_user there is time_local.

08:31.570 --> 08:36.390
So basically this is the timestamp, the time in which the request has come.

08:36.400 --> 08:43.420
So here we see the timestamp, which is 12th November 2015 at 629.

08:45.670 --> 08:47.560
So followed by the timestamp,

08:47.560 --> 08:58.630
there is a request field, so request corresponds to the request that the client is sending or the URI.

08:58.900 --> 09:03.010
So here it is saying GET followed by my jpeg.

09:03.160 --> 09:10.030
Now we've already seen different types of request headers which can be GET, POST, HEAD, OPTIONS and so many

09:10.030 --> 09:10.780
other things.

09:14.790 --> 09:21.270
Also followed by that is the HTTP protocol version, which is either 1.0 or 1.1.

09:22.680 --> 09:24.330
Now after the request

09:25.960 --> 09:28.900
variable there is the status variable.

09:29.710 --> 09:34.750
So status is the response status, which can be 200, 400 or 500.

09:34.780 --> 09:37.750
So here you see it is a 200 status.

09:37.750 --> 09:40.690
So it means this request is processed successfully.

09:42.130 --> 09:44.000
Followed by the status,

09:44.020 --> 09:45.780
it is body_bytes_sent.

09:45.790 --> 09:50.500
So this is the size of the response which Nginx has

09:50.500 --> 09:52.180
sent back to the client.

09:53.880 --> 10:00.780
Then we have an HTTP referrer field which is empty because the user has directly opened the website from

10:00.780 --> 10:01.650
the browser.

10:03.260 --> 10:08.660
After the HTTP referrer field, there is something called as the HTTP user agent field.

10:09.290 --> 10:14.390
So the user agent field basically tells about the browser

10:15.230 --> 10:19.310
and the operating system sometimes that the client is

10:20.260 --> 10:22.000
accessing the page from.

10:22.060 --> 10:30.190
So from here we can see the client is trying to access this particular request from Mozilla browser,

10:30.460 --> 10:34.930
followed by the version number as well, which is Firefox 33.

10:36.600 --> 10:40.440
And the last field here is http x-forwarded-for.

10:40.570 --> 10:46.980
So x-forwarded-for is something which is useful when there is a proxy in between.

10:49.130 --> 10:52.670
So this is something that you can determine.

10:52.670 --> 11:00.060
Now, you can always change these variables according to the needs that you have.

11:00.080 --> 11:02.110
So if you do not want

11:03.760 --> 11:09.640
say the body_bytes_sent variable, then you can always remove that and it will be

11:09.640 --> 11:11.280
reflected in your logs.

11:13.100 --> 11:16.460
Again, you can always add new variables if you want.

11:16.490 --> 11:20.030
Depending upon the type of access log that you want to have.

11:21.310 --> 11:27.100
So this is in simple a generic overview about the Nginx access log.

11:27.730 --> 11:31.870
I hope this has been informative for you and I'd like to thank you for viewing.
