Debugging Nginx Logging Issues: Why Error/Access Logs Aren’t Being Written to Files on CentOS 7


2 views

When migrating from Apache to Nginx on CentOS 7, one of the most common issues developers face is log files not being populated. The configuration appears correct, the files exist, but no entries appear in either access or error logs.

The first thing to verify is the directory structure and permissions. The logs directory must be writable by the Nginx worker process user (typically nginx or www-data).

# Check current permissions
ls -ld /var/www/example.com/logs/

# Fix permissions if needed
sudo chown -R nginx:nginx /var/www/example.com/logs/
sudo chmod -R 755 /var/www/example.com/logs/

On CentOS 7, SELinux can block Nginx from writing to custom log locations. Check the current context:

ls -Z /var/www/example.com/logs/

If the context isn't set correctly, use:

sudo semanage fcontext -a -t httpd_log_t "/var/www/example.com/logs(/.*)?"
sudo restorecon -Rv /var/www/example.com/logs/

Let's examine the complete logging configuration with these improvements:

server {
    listen       80;
    server_name  example.com;
    
    # Enhanced logging configuration
    access_log   /var/www/example.com/logs/example.com_access.log combined buffer=32k flush=5m;
    error_log    /var/www/example.com/logs/example.com_error.log warn;
    
    # Rest of your configuration...
}

After making changes, always test:

sudo nginx -t
sudo systemctl restart nginx

To force some log entries for testing:

curl -I http://example.com/nonexistent-page

If logs still aren't appearing, check these system-level components:

# Check if Nginx has permission to write to the directory
sudo -u nginx touch /var/www/example.com/logs/test.log

# Verify disk space and inodes
df -h
df -i

# Check system logs for relevant errors
journalctl -xe -u nginx

For temporary debugging, you can log to standard output:

error_log /dev/stderr debug;
access_log /dev/stdout combined;

Or configure remote logging:

access_log syslog:server=10.0.0.1:514,facility=local7,tag=nginx,severity=info combined;

When setting up Nginx logging, ensure:

  • Directory exists and is writable
  • Correct SELinux context is applied
  • Log rotation is configured
  • Enough disk space is available
  • Log levels are appropriately set

The most common culprit when Nginx fails to write logs is improper permissions. While you mentioned checking permissions, let's verify the complete chain:

# Check directory permissions recursively
ls -la /var/www/example.com/

# Verify nginx worker process ownership
ps aux | grep nginx

# Sample output showing nginx worker running as 'nginx' user
nginx    12345  0.0  0.1 123456  7890 ?        S    Nov07   0:00 nginx: worker process

Even if log files have correct permissions (644), the parent directory must allow the nginx user to traverse and write:

# Correct directory permissions:
sudo chown -R nginx:nginx /var/www/example.com/logs/
sudo chmod -R 755 /var/www/example.com/logs/

Your server block configuration appears correct at first glance, but let's examine potential pitfalls:

# Common mistakes in log directives:
access_log /path/to/log.log combined;  # Missing log format
error_log /path/to/error.log notice;  # Incorrect log level

# Verify syntax with:
sudo nginx -t

The error level in your config is actually correct (it's the default), but explicitly specifying warn might help surface issues:

error_log /var/www/example.com/logs/example.com_error.log warn;

On CentOS 7, SELinux often blocks Nginx from writing to custom log locations. Check and fix:

# Check SELinux context:
ls -Z /var/www/example.com/logs/

# Temporary test (disable enforcing):
sudo setenforce 0
# If logs work now, you've found the issue

# Permanent solution:
sudo semanage fcontext -a -t httpd_log_t "/var/www/example.com/logs(/.*)?"
sudo restorecon -Rv /var/www/example.com/logs/

When standard checks don't reveal the issue, try these advanced methods:

# 1. Directly test logging to different locations
error_log /dev/stderr debug;  # Test writing to stderr

# 2. Check for filesystem issues
df -h /var  # Verify disk space
touch /var/www/example.com/logs/test.log  # Test manual write

# 3. Inspect kernel logs for blocked writes
sudo dmesg | grep nginx
sudo ausearch -m avc -ts recent | grep nginx

If file logging remains problematic, consider these alternatives:

# 1. Syslog integration
error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx,severity=error;

# 2. Conditional logging examples
map $status $loggable {
    ~^[23]  0;
    default 1;
}

access_log /var/log/nginx/access.log combined if=$loggable;

Remember to always test configuration changes with sudo nginx -t before reloading with sudo systemctl reload nginx.