How to Locate and Enable Varnish Log Files in Ubuntu: A Developer’s Guide


1 views

When you first install Varnish on Ubuntu, you might be surprised to find /var/log/varnish empty. This isn't a bug - Varnish actually doesn't write traditional log files by default due to its high-performance architecture. Instead, it uses shared memory logs (SHM) for minimal performance impact.

The primary way to access Varnish logs is through the varnishlog utility. Try running:


sudo varnishlog

This streams real-time request/response data. For more focused output:


sudo varnishlog -g request -q 'ReqUrl ~ "^/api"'  # Filter API requests

To enable persistent logging to files, modify your Varnish configuration:


# /etc/default/varnish
DAEMON_OPTS="-a :6081 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -s malloc,256m \
             -w /var/log/varnish/varnish.log"  # Add this line

Then create the log directory and restart Varnish:


sudo mkdir -p /var/log/varnish
sudo chown varnish:varnish /var/log/varnish
sudo systemctl restart varnish

For Apache-style access logs, use varnishncsa:


sudo varnishncsa -a -w /var/log/varnish/access.log

To run it as a service, create a systemd unit file at /etc/systemd/system/varnishncsa.service:


[Unit]
Description=Varnish NCSA Logging Daemon
After=varnish.service

[Service]
User=varnish
Group=varnish
ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/access.log
Restart=always

[Install]
WantedBy=multi-user.target

Add this to /etc/logrotate.d/varnish for proper log rotation:


/var/log/varnish/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 varnish varnish
    sharedscripts
    postrotate
        systemctl reload varnish > /dev/null
    endscript
}

If logs still don't appear:

  • Verify Varnish is running: sudo systemctl status varnish
  • Check permissions: ls -ld /var/log/varnish
  • Test configuration: sudo varnishd -C -f /etc/varnish/default.vcl

When you first install Varnish Cache on Ubuntu, you might be surprised to find the /var/log/varnish directory empty. This isn't a bug - Varnish actually doesn't write traditional log files by default due to performance considerations. Instead, it outputs logs to the system's journal (journald) or syslog.

Varnish provides multiple ways to access its logs:

# Check journald logs (systemd systems)
sudo journalctl -u varnish

# Check syslog location
sudo grep varnish /var/log/syslog

# Check if any varnish log files exist
sudo find /var/log -name "*varnish*" -type f

To enable traditional log files, you need to configure the Varnish instance. Here's how to set up access logs:

# Edit the Varnish service file
sudo nano /lib/systemd/system/varnish.service

# Add these parameters to the ExecStart line
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m -n varnish_instance \
  -p vcl_dir=/etc/varnish \
  -p workspace_backend=128k \
  -p vcc_allow_inline_c=on \
  -p 'vsl_dir=/var/log/varnish' \
  -p 'vsl_mask=SharedMemory' \
  -p 'vsl_size=256m'

# Create the log directory with proper permissions
sudo mkdir -p /var/log/varnish
sudo chown varnish:varnish /var/log/varnish
sudo chmod 755 /var/log/varnish

# Reload systemd and restart Varnish
sudo systemctl daemon-reload
sudo systemctl restart varnish

A more common approach is to use the varnishncsa utility to generate Apache-style access logs:

# Install varnishncsa if not present
sudo apt install varnishncsa

# Create a systemd service for varnishncsa
sudo nano /etc/systemd/system/varnishncsa.service

# Add this configuration
[Unit]
Description=Varnish NCSA Logging Daemon
After=varnish.service

[Service]
User=varnish
Group=varnish
ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/access.log -D
Restart=always

[Install]
WantedBy=multi-user.target

# Enable and start the service
sudo systemctl daemon-reload
sudo systemctl enable varnishncsa
sudo systemctl start varnishncsa

To prevent log files from growing indefinitely, set up log rotation:

# Create a logrotate configuration
sudo nano /etc/logrotate.d/varnish

# Add these settings
/var/log/varnish/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 varnish varnish
    sharedscripts
    postrotate
        systemctl reload varnishncsa > /dev/null
    endscript
}

For more sophisticated logging, you can query Varnish's shared memory logs directly:

# View recent requests
sudo varnishlog -g request -q 'ReqMethod eq "GET"'

# Filter by specific URL
sudo varnishlog -g request -q 'ReqURL ~ "^/products/"'

# Save logs to a file with filtering
sudo varnishlog -g request -a -w /var/log/varnish/requests.vsl

If logs still aren't appearing after configuration:

# Verify Varnish is running
sudo systemctl status varnish

# Check configuration syntax
sudo varnishd -C -f /etc/varnish/default.vcl

# Verify storage directory permissions
sudo ls -ld /var/log/varnish
sudo ls -l /var/log/varnish

# Check for SELinux/AppArmor restrictions
sudo aa-status
sudo getenforce