Morgan provides the default logging capability for our Express server. By simply providing the already included Morgan logger instance a predefined format string, we will update the logging format of all our incoming web server requests. There are quite a few different predefined logging formats, each with different content and information density based on your logging needs.
| Format | Structure and example |
| combined | :remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent" ::1 - - [20/May/2017:00:40:20 +0000] "GET /posts HTTP/1.1" 200 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" |
| common | :remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length] ::1 - - [20/May/2017:00:41:09 +0000] "GET /posts HTTP/1.1" 200 - |
| dev | :method :url :status :response-time ms - :res[content-length] GET /posts 200 7.802 ms - 665 |
| short | :remote-addr :remote-user :method :url HTTP/:http-version :status :res[content-length] - :response-time ms ::1 - GET /posts HTTP/1.1 200 - - 19.831 ms |
| tiny |
:method :url :status :res[content-length] - :response-time ms GET /posts 200 - - 1.708 ms |
Morgan can also be used to create custom log messages using log tokens. There are many default log tokens provided by Morgan that can be used to compose a custom log message.
| Token | Description |
| :url | The HTTP request URL |
| :date[format] |
The current date and time in UTC; it can be formatted in several ways:
|
| :http-version | The HTTP version of the request |
| :method |
The HTTP method/verb of the request |
| :status |
The HTTP status code of the request |
| :referrer | The Referrer HTTP header of the request |
| :remote-addr | The remote ip/connection address of the HTTP request |
| :remote-user | The HTTP request providing basic authentication credentials |
| :req[header] | The value for the specified HTTP header for the request |
| :res[header] | The value for the specified HTTP header in the response |
| :response-time[digits] |
The time in milliseconds it takes Express to respond to the request; you may optionally provide the number of digits of precision |
| :user-agent |
The contents of the User-Agent header of the request |
These tokens can be composed along with custom token definitions in Morgan to create a custom log entry:
morgan(':role :session - :method :status :url');
Our /middleware/auth.js middleware logger method generates log file messages that look like this:
admin UcW2vmdJUmdZRxDTTHxJgznDbo0DbDGT - GET 304 /api
admin UcW2vmdJUmdZRxDTTHxJgznDbo0DbDGT - GET 200 /api/foobar
admin UcW2vmdJUmdZRxDTTHxJgznDbo0DbDGT - GET 200 /api/barfoo
admin UcW2vmdJUmdZRxDTTHxJgznDbo0DbDGT - GET 200 /api/testing
admin UcW2vmdJUmdZRxDTTHxJgznDbo0DbDGT - GET 404 /api/testing/invalid
admin wykpBVhRUAaVfgmZ84uHcowL8c8hNff9 - GET 304 /api
admin wykpBVhRUAaVfgmZ84uHcowL8c8hNff9 - GET 304 /api/foobar
You can see that by putting the URL token last, we can get very readable and clean log messages that can show us exactly what individual admin sessions are doing and what pages of our application they are visiting. This sort of log file can later be mined for useful insights concerning application debugging, security, and user usage and behavior.