I have settled on the following Nginx access log format for the web apps that I maintain:
log_format app '[$time_iso8601] $server_name $remote_addr "$request" $status "$http_referer" "$http_user_agent" $request_time';
It contains the information:
$time_iso8601- request start time in ISO format.
$server_name- virtual host/server domain.
$remote_addr- client's IP address.
$request- request line. Includes the HTTP method name and the requested path.
$status- response status.
$http_referer- the Referer header from the request.
$http_user_agent- the User-Agent header from the request.
$request_time- time in seconds (fixed-point decimal, y.xxx) of how much the request took.
combined log format does not contain
$request_time which can sometimes limit debugging possibilities. This format, however, does not contain the username supplied by the Basic auth as I rarely maintain apps using the Basic auth method. I also prefer timestamps in ISO8601 format as my other logs use the same date format and it makes it easier to compare dates.
The log format can be enabled in an Nginx configuration block with:
access_log /var/log/nginx/access.log app;