Applies To:

Show Versions Show Versions

Manual Chapter: Specifying Log Formats for Hit Logs
Manual Chapter
Table of Contents   |   << Previous Chapter

12 
Many sites perform traffic analysis against the HTTP log files that their web servers generate. The WebAccelerator® system creates logs, called hit logs, that contain the same sort of information that origin web servers create in their HTTP log files.
For user-defined acceleration policies, you can tailor the information that appears in the hit logs so that they work seamlessly with whatever analysis tools you use for your origin web servers HTTP log files. Through the logging feature, you can specify the type of information included in hit logs, as well as the format in which to log that information. You can log HTTP and HTTPS requests together or log them separately, selecting different logging options for each. Further, you can create a customized logging format if you do not want to use the predefined logging formats.
Note: You cannot enable logging for predefined acceleration policies; you can only enable logging on user-defined and signed acceleration policies.
<application> is the name of the application, for which you are viewing the log file.
<type> indicates the type of protocol logged. An i indicates HTTP protocol and an s indicates HTTPS protocol.
Note that you can log both HTTP and HTTPS separately, or together in the same log file. For example, <type> could indicate either i or s, or i and s.
<version number> is the version number of the log file.
The lines that appear at the top of a log file are called, log headers. You can use log headers to identify the type and order of the information written to each line in the log file. Some log analysis software also uses log headers to determine how to parse a log file. The three common conventions for log headers are:
No header line
Apache web servers use this option. By default, Apache web servers write access logs in a format that is identical to the NCSA Common format.
NCSA Common or Combined headers
Netscape® servers, and their descendants (such as the iPlanet Enterprise Server) write a log header line that is unique to these family of servers. These servers generally use either the NCSA Common or Combined log format and the log header lines are comprised of keywords. For example:
W3C headers
Most Microsoft® Internet Information Services (IIS) web servers write log files in the extended log file format, which are defined by a W3C working draft. For more information, see http://www.w3.org/TR/WD-logfile.html.
The predefined log format options on the WebAccelerator system represent a collection of logging information that is commonly used by origin web servers and consists of:
1.
In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2.
Click the Logging link next to an acceleration policy.
3.
To create individual logs for the HTTP and HTTPS protocols, select the Log HTTP and HTTPS requests separately check box in the What to Log area.
5.
If you select Log all transactions, or Only log transactions served from cache, then select a format for the HTTP logs from the Log Format list.
6.
In the HTTPS Log area (available only if you are logging HTTP and HTTPS separately), select the options as required:
7.
If you selected Log all transactions, or Only log transactions served from cache, then select a format for the HTTPS logs from the Log Format list.
8.
Click the Save button.
host rfc931 username [date:time UTC_offset] "method URI?query_parameters protocol" status bytes
125.125.125.2 - - [10/Oct/2002:23:44:03 -0600]
"GET /apps/example.jsp?sessionID=34h76 HTTP/1.1" 200 3045
host rfc931 username [date:time UTC_offset] "method URI?query_parameters protocol" status bytes "referrer" "user_agent" "cookie"
125.125.125.2 - - [23/Oct/2002:23:44:03 -0600]
"GET /apps/example.jsp?sessionID=34h76 HTTP/1.1" 200 3045
"http://www.siterequest.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" "UserID=ssarette;Category=PDA;Selection=Various"
date time rfc931 username host method URI query_parameters status bytes request_length time_taken protocol user_agent cookie referrer
2002-10-23 23:44:03 205.47.62.112 - 125.125.125.2 GET /apps/example.jsp sessionID=34h76 200 3045 124 138 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0 UserID=ssarette;Category=PDA;Selection=Various http://www.siterequest.com
1.
In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2.
Click the Logging link next to an acceleration policy.
3.
To create individual logs for the HTTP and HTTPS protocols, select the Log HTTP and HTTPS requests separately check box in the What to Log area.
4.
In the Logs area (or HTTP Logs area, if you are logging HTTP and HTTPS separately), select the options as required:
If you select Log all transactions or Only log transactions served from cache, the screen refreshes, displaying additional options.
If you select Do not log, skip to Step 7.
5.
From the Log Format list, select a format for the logs.
If you select a log format from the list, skip to Step 7.
Optionally, click the New button to create a new log format.
a)
In the Name box, type a descriptive name for the new log format.
b)
From the Header Format Type list, select a format type.
c)
From the Format Text list, select a component, one at a time, and then click the Add button.
d)
Click the Preview button to view the a sample of the log format you created.
e)
Click the Save button.
f)
From the Log Format list, select the log format that you created.
6.
In the HTTPS Log area (available only if you are logging HTTP and HTTPS separately), select from the following options:
If you select Log all transactions or Only log transactions served from cache, the screen refreshes, displaying additional options. Repeat Step 5.
7.
Click the Save button.
This section of the chapter provides information about how to configure an example customized log format. For this example, you want your hit logs to contain the following information:
For this example, your origin web servers are all running Apache so you want your log lines to follow the NCSA Common (No Header) formatting convention, as follows:
xxx.xxx.xxx.xxx [date:time UTC_offset] "Method uri?query_parameter HTTP_ver" response_status response_length
However, you want one to customize the NCSA Common (no header) log format to add an additional field that includes the origin web server host name and IP address.
To customize the NCSA Common (no header) log format with the origin web server information
1.
In the navigation pane, expand WebAccelerator and click Policies.
The Policies screen displays a list of existing acceleration policies.
2.
Click the Logging link next to an acceleration policy.
3.
In the Logs area, click Log all transactions.
4.
From the Log Format list, select NCSA Common (no header) and click Edit.
5.
In the Name box, type a descriptive name for the log.
6.
From the Format Text list on the right side of the screen, select Hostname/IP of Origin Server and click Add.
The %B symbol appears in the Log Item Format box. Verify that there is a space before %B symbol in the Log Item Format box. If there is not, manually add a space.
7.
Click the Save button.
8.
From the Log Format menu, select the log format you created.
9.
Click the Save button.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)