Most Linux web servers, such as Apache, HTTPD, or Nginx, will write events to their own unique log file. For example, following are the default log files used by Nginx.
Likewise, following are the default log files used by HTTPD.
The LogFormat directive is used to create a LogFormat variable. In this example, a variable called common is created, and the % expressions are used to control the type of data that will be captured by the common directive. For example, %r stands for the requested resource, such as index.html or example.jpg, and %t stands for time. The CustomLog directive will use one of the LogFormat variables.
LogFormat "%h %l %u \"%r\" %>s %b %D %X" common
For example, let's say a user navigates to http://www.example.com/index.html. A request for index.html will be written to the log that is using the common variable.
2018-09-26 01:38:02 10.1.2.3 www.example.com GET "/index.html" HTTP/1.1 200
The web servers configuration file, such as httpd.conf, is used to configure how records are written to the logs. The CustomLog directive in the configuration file is used to configure the location and name of each log file, and the data that is written to each log file. In this example, the access_log and error_log will be located under the /var/log/httpd/ directory. Also, the access_log will use the common LogFormat, and the error_log will use the custom LogFormat.
CustomLog /var/log/httpd/access_log common CustomLog /var/log/httpd/error_log custom