ngxtop, a log monitoring tool for nginx

ngxtop, a log monitoring tool for nginx


Looking at nginx log files in tail? out!

Tail-f log path


ngxtop is a python-based program that can be installed on Python. ngxtop parses nginx access logs in real time and outputs the results (useful indicators of nginx servers) to terminals


Main functions:

  • Current valid request

  • Summary of total request count

  • Total number of requests provided by status code (2xx, 3xx, 4xx, 5xx)

  • Send average bytes

  • Top-level remote address

Not only can the access of Nginx log be monitored in real time, but also the previous log can be sorted out.



Examples are: centos7 system with Python and pip installed

rpm -ivh epel-release-7-6.noarch.rpm

Then execute the following command to install pip
yum install python-pip

Finally, install ngxtop using the following
pip install ngxtop

ngxtop usage:

ngxtop [option]
ngxtop [option](print | top | avg | sum)<var>
ngxtop info

Options and specifications:

# ngxtop --help

ngxtop - ad-hoc query for nginx access log.


ngxtop [options]

ngxtop [options] (print|top|avg|sum) <var> ...

ngxtop info

ngxtop [options] query <query> ...


-l <file>, --access-log <file>  Access logs that need to be analyzed

-f <format>, --log-format <format>  log_format Instruction specified log format [default: combined]

--no-follow  ngxtop default behavior is to ignore current lines in log

and only watch for new lines as they are written to the access log.

Use this flag to tell ngxtop to process the current content of the access log instead.

-t <seconds>, --interval <seconds>  report interval when running in follow mode [default: 2.0]

-g <var>, --group-by <var>  Grouping by variables [default: request_path]

-w <var>, --having <expr>  having clause [default: 1]

-o <var>, --order-by <var>  sort [default: count]

-n <number>, --limit <number>  Number of bars displayed [default: 10]

-a <exp> ..., --a <exp> ...  add exp (must be aggregation exp: sum, avg, min, max, etc.) into output

-v, --verbose  More output

-d, --debug  print every line and parsed record

-h, --help  Current Help Information.

--version  Output version information.

//Advanced Options:

-c <file>, --config <file>  Function ngxtop analysis nginx configuration file

-i <filter-expression>, --filter <filter-expression>  filter in, records satisfied given expression are processed.

-p <filter-expression>, --pre-filter <filter-expression> in-filter expression to check in pre-parsing phase.

ngxtop example:


All examples read nginx config file for access log location and format.

If you want to specify the access log file and / or log format, use the -f and -a options.

"top" like view of nginx requests

$ ngxtop

404 Top Ten Requests

$ ngxtop top request_path --filter 'status == 404'

//Top 10 requests for total traffic

$ ngxtop --order-by 'avg(bytes_sent) * count'

//ip addresses in the top ten accesses

$ ngxtop --group-by remote_addr

//Output of more than 400 status requests and source of requests

$ ngxtop -i 'status >= 400' print request status http_referer

Average body bytes sent of 200 responses of requested path begin with 'foo':

$ ngxtop avg bytes_sent --filter 'status == 200 and request_path.startswith("foo")'

//Analysis of remote server Apache access log using common log format
$ ssh remote tail -f /var/log/apache2/access.log | ngxtop -f common

Other examples:

Real-time status viewing:

ngxtop -c /opt/nginx/conf/nginx.conf

Access previous IP:

ngxtop -c /opt/nginx/conf/nginx.conf top remote_addr

Requests showing status code 404:

ngxtop -i 'status == 404' print request status

Display the most frequent requests in the top 20:

ngxtop -n 20

Resolve apache logs from remote servers in normal format:

ssh user@remote_server tail -f /var/log/apache2/access.log | ngxtop -f common


Keywords: Nginx Python pip EPEL

Added by Cory94bailly on Tue, 08 Oct 2019 17:50:51 +0300