Previous      Contents      Index      Next
Sun Java System Web Proxy Server 4.0.1 Administration Guide

Chapter 9
Using Log Files

You can monitor your server’s activity using several different methods. This chapter discusses how to monitor your server by recording and viewing log files. For information on using the built-performance monitoring services, or SNMP, see Monitoring Servers..

This chapter contains the following sections:

About Log Files
Logging on UNIX and Windows Platforms
Log Levels
Archiving Log Files
Setting Access Log Preferences
Setting Error Logging Options
Configuring the LOG Element
Viewing Access Log Files
Viewing Error Log Files
Working with the Log Analyzer
Viewing Events (Windows)

---

About Log Files

Server log files record your server’s activity. You can use these logs to monitor your server and to help you when troubleshooting. The error log file, located in proxy-server_name/logs/errors in the server root directory, lists all the errors the server has encountered. The access log, located in proxy-server_name/logs/access in the server root directory, records information about requests to the server and the responses from the server. You can configure the information recorded in the Proxy Server access log file. You use the log analyzer to generate server statistics. You can back up server error and access log files by archiving them.

Note	Due to limitations in the operating system, Proxy Server cannot work with log files larger than 2GB on Linux. As soon as the maximum file size is reached, logging will cease.

---

Logging on UNIX and Windows Platforms

This section discusses how log files are created. In addition, this section includes the following topics:

Default Error Logging
Logging Using syslog
Logging Using the Windows eventlog

Default Error Logging

On both the UNIX and Windows platforms, logs from the administration server are collected in the administration proxy-admserv/logs/ directory. Logs from the server instances are collected in the proxy-server_name/logs/ directory.

The default log level for the entire server can be set.You can redirect stdout and stderr to the server’s event log and direct the log output to the operating system’s system log. Additionally, you can direct stdout and stderr content to the server’s event log. Log messages by default are sent to stderr in addition to the specified server log file.

Logging Using syslog

For stable operational environments where centralized logging is required syslog is appropriate. For environments where log output is frequently required for diagnostics and debugging, individual server instance logs may be more manageable.

Note	All logged data for the server instance and administration server in one file may prove difficult to read and debug. It is recommended that you use the syslog master log file only for deployed applications that are running smoothly. Logged message are intermixed with all other logs from the Solaris daemon applications.

By using the syslog log file, in conjunction with syslogd, and the system log daemon, you can configure the syslog.conf file to:

Log messages to the appropriate system log
Write messages to the system console
Forward logged messages to a list of users, or forward logged messages to another syslogd on another host over the network

Since logging to syslog means, logs from Proxy Server, and other daemon applications are collected in the same file, logged messages are enhanced with the following information to identify Proxy Server-specific messages from the particular server instance:

Unique message ID
Timestamp
Instancename
Program name (proxyd or proxyd-wdog)
Process ID (PID of the proxyd process)
Thread ID (optional)
Server ID

The LOG element can be configured for both the administration server and the server instance in the server.xml file.

For more information on the syslog logging mechanism used in the UNIX operating environment, use the following man commands at a terminal prompt:

man syslog

man syslogd

man syslog.conf

Logging Using the Windows eventlog

For more information on the event log mechanism used in the Windows operating environment, refer to the Windows help system index for the keywords Event Logging.

---

Log Levels

The following table defines the log levels and messages in Proxy Server, in increasing order of severity.

Table 9-1  Log Levels

Log level	Description
finest finer fine	Messages indicate extent of verbosity of debug messages. finest gives the maximum verbosity.
info	Messages are informative in nature, usually related to server configuration or server status. These messages do not indicate errors that need immediate action.
warning	Messages indicate a warning. The message would probably be accompanied by an exception.
failure	Messages indicate a failure of considerable importance that can prevent normal application execution.
config	Messages relate to a variety of static configuration information, to assist in debugging problems that may be associated with particular configurations.
security	Messages indicate a security issue.
catastrophe	Messages indicate a fatal error.

---

Archiving Log Files

You can set up your access and error log files to be automatically archived. At a certain time, or after a specified interval, your logs will be rotated. Proxy Server saves the old log files and stamps the saved file with a name that includes the date and time they were saved.

For example, you can set up your access log files to rotate every hour, and Proxy Server saves and names the file “access.200505160000,” where name of the log file, year, month, day, and 24-hour time is concatenated together into a single character string. The exact format of the log archive file varies depending upon which type of log rotation you set up.

Proxy Server offers the two types of log rotation for archiving files: Internal-daemon log rotation and Cron-based log rotation.

Internal-daemon Log Rotation

This type of log rotation happens within the HTTP daemon, and can only be configured at startup time. Internal daemon log rotation allows the server to rotate logs internally without requiring a server restart. Logs rotated using this method are saved in the following format:

access.<YYYY><MM><DD><HHMM>

errors.<YYYY><MM><DD><HHMM>

You can specify the time used as a basis to rotate log files and start a new log file. For example, if the rotation start time is 12:00 a.m., and the rotation interval is 1440 minutes (one day), a new log file will be created immediately when you save and apply changes regardless of the present time. The log file will rotate every day at 12:00 a.m., and the access log will be stamped at 12:00 a.m. and saved as access.200505172400. Likewise, if you set the interval at 240 minutes (4 hours), the 4 hour intervals begin at 12:00 a.m. such that the access log files will contain information gathered from 12:00 a.m. to 4:00 a.m., from 4:00 a.m. to 8:00 a.m., and so forth.

If log rotation is enabled, log file rotation starts at server startup. The first log file to be rotated gathers information from the current time until the next rotation time. Using the previous example, if you set your start time at 12:00 a.m. and your rotation interval at 240 minutes, and the current time is 6:00 a.m., the first log file to be rotated will contain the information gathered from 6:00 a.m. to 8:00 a.m, and the next log file will contain information from 8:00 a.m. to 12:00 p.m. (noon), and so forth.

Scheduler-based Log Rotation

This type of log rotation is based on the time and day stored in the server.xml file in the server_root/proxy-server_name/config/ directory. This method allows you to archive log files immediately or have the server archive log files at a specific time on specific days. The server’s scheduler configuration options are stored in server.xml in the server_root/proxy-server_name/config/ directory. Logs rotated using the scheduler-based method are saved in the following format:

<original_filename>.<YYYY><MM><DD><HHMM>

For example, access might become access.200505171630 when it is rotated at 4:30 p.m.

Log rotation is initialized at server startup. If rotation is turned on, Proxy Server creates a time-stamped access log file and rotation starts at server startup.

Once the rotation starts, Proxy Server creates a new time stamped log file when there is a request or error that needs to be logged to the access or error log file and it occurs after the prior-scheduled “next rotate time”.

Note	You should archive the server logs before running the log analyzer.

To archive log files and to specify whether to use the Internal daemon method or the scheduler-based method, use the Archive Log page in the Server Manager.

---

Setting Access Log Preferences

During installation, an access log file named access is created for the server. You can customize access logging for any resource by specifying whether to log accesses, what format to use for logging, and whether the server should spend time looking up the domain names of clients when they access a resource.

You can specify logging preferences using the Set Access Log Preferences page in the Server Manager, or you can manually configure the following directives in the obj.conf file. In obj.conf, the server calls the function flex-init to initialize the flexible logging system and the function flex-log to record request-specific data in a flexible log format. To log requests using the common log file format, the server calls init-clf to initialize the Common Log subsystem which is used in obj.conf, and common-log to record request-specific data in the common log format (used by most HTTP servers).

Once an access log for a resource has been created, you cannot change its format unless you archive it or create a new access log file for the resource.

When changing the format of an existing log file, you should first delete/rename the existing log file OR use a different file name.

To set the access log preferences for the Administration Server

Access the Administration Server and click the Preferences tab.
Click the Set Access Log Preferences link. The Set Access Log Preferences page displays.
Select the resource from the drop-down list or click the Regular Expression button, enter a regular expression, and click OK.
Specify whether or not to log client accesses. This requires Domain Name Service (DNS) to be enabled.
Specify the absolute path for the access log file. As a default, the log files are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.

If you are editing the entire server, the default value for this field is $accesslog, the variable that denotes the access log file for the server in the configuration file.

Choose whether or not to record domain names or IP addresses of the systems accessing the server in the access log.
Choose the type of log file format to use in the access log. The following options are available:
Use Common LogFile Format. Includes client’s host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client.
Only Log. Allows you to choose which information will be logged. You can choose from the following flexible log format items:
Client Hostname. The hostname (or IP address if DNS is disabled) of the client requesting access.
Authenticate User Name. If authentication was necessary, you can have the authenticated user name listed in the access log.
System Date. The date and time of the client request.
Full Request. The exact request the client made.
Status. The status code the server returned to the client.
Content Length. The content length, in bytes, of the document sent to the client.
HTTP Header, "referer". The referer specifies the page from which the client accessed the current page. For example, if a user was looking at the results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers allow the server to create a list of backtracked links.
HTTP Header, "user-agent". The user-agent information--which includes the type of browser the client is using, its version, and the operating system on which it is running--comes from the User-agent field in the HTTP header information the client sends to the server.
Method. The HTTP request method used such as GET, PUT, or POST.
URI. Universal Resource Identifier. The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.
Query String Of The URI. Anything after the question mark in a URI. For example, for http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.
Protocol. The transport protocol and version used.
If you choose a custom format, type it in the Custom Format field.
Click OK.
Click Restart Required. The Apply Changes page displays.
Click the Restart Proxy Server button to apply the changes.

To set the access log preferences for the Server Instance

Access the Server Manager and click the Server Status tab.
Click the Set Access Log Preferences link. The Set Access Log Preferences page displays.
Select the resource from the drop-down list or click the Regular Expression button, enter a regular expression, and click OK.
Specify whether or not to log client accesses. This requires Domain Name Service (DNS) to be enabled.
Specify the absolute path for the access log file. As a default, the log files are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.

If you are editing the entire server, the default value for this field is $accesslog, the variable that denotes the access log file for the server in the configuration file.

Choose whether or not to record domain names or IP addresses of the systems accessing the server in the access log.
Choose the format the log file should be: common, extended, extended-2, only specified information ("Only log" radio button), or custom. If you click Only log, the following flexible log format items are available:
Choose the type of log file format to use in the access log. Server access logs can be in Common Logfile Format, Extended Logfile Format, Extended2 Logfile format, flexible log format, or your own customizable format. The Common Logfile Format is a commonly supported format that provides a fixed amount of information about the server. The flexible log format allows you to choose (from Proxy Server) what to log. A customizable format uses parameter blocks that you specify to control what gets logged.
Use Common LogFile Format. Includes client’s host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client.
Use Extended LogFile Format. Includes all of the fields of the common log file format as well as some additional fields such as remote status, proxy to client content length, remote to proxy content length, proxy to remote content length, client to proxy header length, proxy to client header length, proxy to remote header length, remote to proxy header length and transfer time.
Use Extended2 LogFile Format. Includes all of the fields of the extended logfile format as well as some additional fields such as client status, server status, remote status, cache finish status, and actual route.
Only Log. Allows you to choose which information will be logged. You can choose from the following flexible log format items:
Client Hostname. The hostname (or IP address if DNS is disabled) of the client requesting access.
Authenticate User Name. If authentication was necessary, you can have the authenticated user name listed in the access log.
System Date. The date and time of the client request.
Full Request. The exact request the client made.
Status. The status code the server returned to the client.
Content Length. The content length, in bytes, of the document sent to the client.
HTTP Header, "referer". The referer specifies the page from which the client accessed the current page. For example, if a user was looking at the results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers allow the server to create a list of backtracked links.
HTTP Header, "user-agent". The user-agent information--which includes the type of browser the client is using, its version, and the operating system on which it is running--comes from the User-agent field in the HTTP header information the client sends to the server.
Method. The HTTP request method used such as GET, PUT, or POST.
URI. Universal Resource Identifier. The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.
Query String Of The URI. Anything after the question mark in a URI. For example, for http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.
Protocol. The transport protocol and version used.
Cache Finish Status.This field specifies whether the cache file was written, refreshed, or returned by an up-to-date check.
Remote Server Finish Status. This field specifies if the request to the remote server was successfully carried out to completion, interrupted by the client clicking the Stop button in Netscape Navigator, or aborted by an error condition.
Status Code From Server. The status code returned from the server.
Route To Proxy (PROXY, SOCKS, DIRECT). The route used to retrieve the resource. The document can be retrieved directly, through a proxy, or through a SOCKS server.
Transfer Time. The length of time of the transfer, in seconds or milliseconds.
Header-length From Server Response. The length of the header from the server response.
Request Header Size From Proxy To Server. The size of the request header from the proxy to the server.
Response Header Size Sent To Client. The size of the response header sent to the client.
Request Header Size Received From Client. The size of the request header received from the client.
Content-length From Proxy To Server Request. The length, in bytes, of the document sent from the proxy to the server.
Content-length Received From Client. The length, in bytes, of the document from the client.
Content-length From Server Response. The length, in bytes, of the document from the server.
Unverified User From Client. The user name given to the remote server during authentication.
If you choose a custom format, type it in the Custom Format field.
If you do not want to log client access from certain host names or IP addresses, type them in the host names and IP Addresses fields. Type a wildcard pattern of hosts from which the server should not record accesses. For example, *.example.com does not log accesses from people whose domain is example.com. You can type wildcard patterns for host names, IP addresses, or both.
Choose whether to include the format string in the log file. If you are using the Proxy Server’s log analyzer, you should include a format string. If you are using a third-party analyzer, you may not want to include a format string in your logfile.
Click OK.
Click Restart Required. The Apply Changes page appears.
Click the Restart Proxy Server button to apply the changes.

Easy Cookie Logging

Proxy Server has an easy way to log a specific cookie using the flexlog facility. Add “Req->headers.cookie.cookie_name” to the line that initializes the flex-log subsystem in the configuration file obj.conf. This logs the value of the cookie variable cookie_name if the cookie variable is present in the request’s headers, and logs “-” if it is not present.

---

Setting Error Logging Options

Proxy Server allows you to configure the information to be logged in the server’s errors logs.

To set the error logging options

To set the error logging options from the Administration Server, choose the Preferences tab, and then click the Set Error Log Preferences link.

To set the error logging options for the server instance from the Server Manager, choose the Server Status tab, and then click the Set Error Log Preferences link.

Specify the file that stores messages from the server in the Error Log File Name field.
From the Log Level drop-down list, specify the amount of information that should be logged in the errors log. The following options are available:
Select the Log Stdout checkbox if you want stdout output to be redirected to the errors log.
Select the Log Stderr checkbox if you want stderr output to be redirected to the errors log.
Select the Log To Console checkbox to redirect log messages to the console.
Select the Use System Logging checkbox if you want to use the UNIX syslog service or Windows Event Logging to produce and manage logs.
Click OK.
Click Restart Required. The Apply Changes page appears.
Click the Restart Proxy Server button to apply the changes.

---

Configuring the LOG Element

The following table describes the attributes for the LOG element you can configure in the server.xml file:

Table 2  LOG attribute

Attribute	Default	Description
file	errors	Specifies the file that stores messages from the server.
loglevel	info	Controls the default type of messages logged by other elements to the error log. Allowed values are as follows, from highest to lowest: finest, fine, fine, info, warning, failure, config, security, and catastrophe.
logstdout	true	(optional) If true, redirects stdout output to the errors log. Legal values are on, off, yes, no, 1, 0, true, false.
logstderr	true	(optional) If true, redirects stderr output to the errors log. Legal values are on, off, yes, no, 1, 0, true, false.
logtoconsole	true	(optional, UNIX only) If true, redirects log messages to the console.
createconsole	false	(optional, Windows only) If true, creates a Windows console for stderr output. Legal values are on, off, yes, no, 1, 0, true, false.
usesyslog	false	(optional) If true, uses the UNIX syslog service or Windows Event Logging to produce and manage logs. Legal values are on, off, yes, no, 1, 0, true, false.

---

Viewing Access Log Files

You can view the server’s active and archived access log files.

To view the Administration Server’s access log from the Administration Server, choose the Preferences tab, and then click the View Access Log link.

To view an access log for the server instance from the Server Manager, choose the Server Status tab, and then click the View Access Log link.

The following is an example of an access log in the Common Logfile Format (you specify the format in the Log Preferences window; see Setting Access Log Preferences for more information):

198.18.17.222 - - [20/May/2005:14:15:49 +0530] "GET http://www.example.com/ HTTP/1.1" 504 622 198.18.17.222 - abc [20/May/2005:14:16:09 +0530] "GET http://www.test.com/report.zip HTTP/1.1" 504 630

Table # describes the last line of this sample access log.

Table 9-3  The fields in the last line of the sample access log file 

Access Log Field	Example
Hostname or IP address of client	198.18.17.222 (In this case, the client’s IP address is shown because the proxy server’s setting for DNS lookups is disabled;if DNS lookups were enabled, the client’s hostname would appear.
RFC 931 information	- (RFC 931 identity not implemented)
Username	abc (username entered by the client for authentication)
Date/time of request	20/May/2005:14:16:09 +0530
Request	GET
Protocol	HTTP/1.1
Status code	504
Bytes transferred	630

---

Viewing Error Log Files

The error log file contains errors the server has encountered since the log file was created; it also contains informational messages about the server, such as when the server was started. Unsuccessful user authentication is also recorded in the error log. Use the error log to find broken URL paths or missing files.

To view the Administration Server’s error log file, from the Administration Server, choose the Preferences tab, and click View Error Log link.

To view a server instance’s error log file, from the Server Manager, choose the Server Status tab, and click the View Error Log link.

The following are three examples of entries in the error log.

20/May/2005:14:08:37] info ( 6141): CORE1116: Sun Java System Web Proxy Server 4.0 B05/10/2005 01:26 20/May/2005:14:08:37] info ( 6142): CORE3274: successful server startup 20/May/2005:14:08:37] security (23246): for host 198.18.148.89 trying to GET /, deny-service reports: denying service of /

---

Working with the Log Analyzer

The server_root/extras/log_anly directory contains the log analysis tool that runs through the Server Manager user interface. This log analyzer analyzes files in common log format only. The HTML document in the log_anly directory that explains the tool’s parameters. The server-install/extras/flexanlg directory contains the command-line log analyzer for the flexible log file format. However, the Server Manager defaults to using the flexible log file reporting tool, regardless of the log file format you have selected.

Use the log analyzer to generate statistics about your default server, such as a summary of activity, most commonly accessed URLs, times during the day when the server is accessed most frequently, and so on. You can run the log analyzer from the Proxy Server or the command line.

You must set the library path before attempting to run the flexanlg command line utility. The settings for various platforms are as follows:

Solaris and Linux:

LD_LIBRARY_PATH=server_root/bin/proxy/lib:$LD_LIBRARY_PATH

AIX:

LIBPATH=server_root/bin/proxy/lib:$LIBPATH

HP-UX:

SHLIB_PATH=server_root/bin/proxy/lib:$SHLIB_PATH

Windows:

path=server_root\bin\proxy\bin;%path%

Note	Before running the log analyzer, you should archive the server logs. For more information about archiving server logs, see Archiving Log Files.

You can also type ./start -shell at the command prompt after changing to the server_root/proxy-serverid directory instead of setting the library path.

If you use the extended or extended-2 logging format, the log analyzer generates several reports within the output file in addition to the information that you designate to be reported. The following sections describe these reports.

Transfer Time Distribution Report

The transfer time distribution report shows the time it takes your proxy server to transfer requests. This report displays the information categorized by service time and by percentage finished. The following is a sample transfer time distribution report.

By service time category:

< 1 sec [644%] ........................................

< 2 sec [33.3%] ....................

< 3 sec [ 2.7%] .

< 4 sec [ 1.7%] .

< 5 sec [ 0.6%]

< 6 sec [ 0.4%]

< 7 sec [ 0.2%]

< 8 sec [ 0.0%]

< 9 sec [ 0.0%]

By percentage finished:

< 1 sec [64.4%] ........................................

< 2 sec [97.7%] ....................................

< 3 sec [100.4%]..............................................

Status Code Report

The status code report shows which and how many status codes the proxy server received from the remote server and sent to the client. The status code report also provides explanations for all of these status codes. The following is a sample status code report.

Code	-From remote-	-To client-	-Explanation-
200	338 [70.7%]	352 [73.6%]	OK
302	33 [ 6.9%]	36 [ 7.5%]	Redirect
304	90 [18.8%]	99 [20.7%]	Not modified
404	3 [ 0.6%]	3 [ 0.6%]	Not found
407		5 [ 1.0%]	Proxy authorization required
500		2 [ 0.4%]	Internal server error
504		6 [ 1.3%]	Gateway timeout

Data Flow Report

The data flow report shows the data flow (the number of bytes transferred) from the client to the proxy, the proxy to the client, the proxy to the remote server, and the remote server to the proxy. For each of these scenarios, the report shows how much data was transferred in the form of headers and content. The data flow report also shows the data flow from the cache to the client. The following is a sample data flow report.

	Headers	Content	Total
- Client -> Proxy.........	0 MB	0 MB	0 MB
- Proxy -> Client...........	0 MB	2 MB	3 MB
- Proxy -> Remote...........	0 MB	0 MB	0 MB
- Remote -> Proxy..........	0 MB	2 MB	2 MB
Approx:
- Cache -> Client...........	0 MB	0 MB	0 MB

Requests and Connections Report

The requests and connections report shows the number of requests the proxy server receives from clients, the number of connections the proxy makes to a remote server (initial retrievals, up-to-date checks, and refreshes), and the number of remote connections the proxy server avoids by using cached documents. The following is a sample requests and connections report.

- Total requests............. 478

- Remote connections......... 439

- Avoided remote connects.... 39 [ 8.2%]

Cache Performance Report

The cache performance report shows the performance of the clients’ caches, the proxy server’s cache, and the direct connections.

Client Cache

Note	A client cache hit occurs when a client performs an up-to-date check on a document and the remote server returns a 304 message telling the client that the document was not modified. An up-to-date check initiated by a client indicates that the client has its own copy of the document in the cache.

For the client’s cache, the report shows:

client and proxy cache hits: a client cache hit in which the proxy server and the client both have a copy of the requested document and the remote server is queried for an up-to-date check with respect to the proxy’s copy and the client’s request is then evaluated with respect to the proxy’s copy. The cache performance report shows the number of requests of this type that the proxy serviced and the average amount of time it took to service these requests.
proxy shortcut no-check: a client cache hit in which the proxy server and the client both have a copy of the requested document and the proxy server tells the client (without checking with the remote server) that the document in the client’s cache is up-to-date. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.
client cache hits only: a client cache hit in which only the client has a cached copy of the requested document. In this type of request, the proxy server directly tunnels the client’s If-modified-since GET header. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.
total client cache hits: the total number of client cache hits and the average amount of time it took to service these requests.

Proxy Cache

A proxy cache hit occurs when a client requests a document from a proxy server and the proxy server already has the document in its cache. For the proxy server’s cache hits, the report shows:

proxy cache hits with check: a proxy cache hit in which the proxy server queries the remote server for an up-to-date check on the document. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.
proxy cache hits without check: a proxy cache hit in which the proxy server does not query the remote server for an up-to-date check on the document. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.
pure proxy cache hits: a proxy cache hit in which the client does not have a cached copy of the requested document. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.

Proxy Cache Hits Combined

For the proxy cache hits combined, the report shows:

total proxy cache hits: the total number of hits to the proxy server’s cache and the average amount of time it took to service these requests.

Direct Transactions

Direct transactions are those that go directly from the remote server to the proxy server to the client without any cache hits. For the direct transactions, the report shows:

retrieved documents: documents retrieved directly from the remote server. The cache performance report shows the number of requests of this type that the proxy serviced, the average time it took to service these requests, and the percentage of total transactions.
other transactions: transactions that are returned with a status code other than 200 or 304. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.
total direct traffic: requests (both failed requests and successfully retrieved documents) that went directly from the client to the remote server. The cache performance report shows the number of requests of this type that the proxy serviced, the average time it took to service these requests, and the percentage of total transactions.

The following is a sample cache performance report.

CLIENT CACHE: - Client & proxy cache hits... 86 reqs [18.0%] 0.21 sec/req - Proxy shortcut no-check........ 13 reqs [ 2.7%] 0.00 sec/req - Client cache hits only..... - TOTAL client cache hits.......... 99 reqs [20.7%] 0.18 sec/req PROXY CACHE: - Proxy cache hits w/check........ 4 reqs [ 0.8%] 0.50 sec/req - Proxy cache hits w/o check.. 10 reqs [ 2.1%] 0.00 sec/req - Pure proxy cache hits...... 14 reqs [ 2.9%] 0.14 sec/req PROXY CACHE HITS COMBINED: - TOTAL proxy cache hits....... 113 reqs [23.6%] 0.18 sec/req DIRECT TRANSACTIONS: - Retrieved documents..313 reqs [65.5%] 0.90 sec/req 2 MB - Other transactions.. 52 reqs [10.9%] 7.79 sec/req - TOTAL direct traffic..365 reqs [76.4%] 1.88 sec/req 2 MB

Transfer Time Report

The transfer time report shows the information about the time it takes for the proxy server to process a transaction. This report shows values for the following categories:

average transaction time: the average of all transfer times logged.

average transfer time without caching: the average of transfer times for transactions which are not returned from the cache (200 response from remote server).

average with caching, without errors: the average of transfer times for all non-error transactions (2xx and 3xx status codes).

average transfer time improvement: the average transaction time minus the average transfer time with caching, without errors.

The following is a sample transfer time report.

- Average transaction time... 1.48 sec/req
- Ave xfer time w/o caching.. 0.90 sec/req
- Ave w/caching, w/o errors.. 0.71 sec/req
- Ave xfer time improvement.. 0.19 sec/req

Hourly Activity Report

For each analyzed hour, the hourly activity report shows:

the load average
the number of cache hits with no up-to-date check to the remote server
the number of hits to the proxy server’s cache with an up-to-date check to the remote sever that proves that the document is up-to-date and the document is in the client cache
the number of hits to the proxy server’s cache with an up-to-date check to the remote sever that proves that the document is up-to-date and the document is not in the client cache
the number of hits to the proxy server’s cache with an up-to-date check to the remote server that caused part of the document to be updated.
the number of hits to the proxy server’s cache with an up-to-date check to the remote server that returned a new copy of the requested document with a 200 status code.

the number of requests for which documents are directly retrieved from the remote server without any hits to the proxy server’s cache

To run the log analyzer from the Server Manager

Access the Server Manager, and click the Server Status tab.
Click the Generate Report link. The Generate Report page displays.
Type the name of your server; this name appears in the generated report.
Choose whether or not the report will appear in HTML or ASCII format.
Select the log file you want to analyze.
If you want to save the results in a file, type an output filename in the Output File field. If you leave the field blank, the report results print to the screen. For large log files, you should save the results to a file because printing the output to the screen might take a long time.
Select whether or not to generate totals for certain server statistics. The following totals can be generated:
Total Hits. The total number of hits the server received since access logging was enabled.
304 (Not Modified) Status Codes. The number of times a local copy of the requested document was used, rather than the server returning the page.
302 (Redirects) Status Codes. The number of times the server redirected to a new URL because the original URL moved.
404 (Not Found) Status Codes. The number of times the server could not find the requested document or the server did not serve the document because the client was not an authorized user.
500 (Server Error) Status Codes. The number of times a server-related error occurred.
Total Unique URLs. The number of unique URLs accessed since access logging was enabled.
Total Unique Hosts. The number of unique hosts who have accessed the server since access logging was enabled.
Total Kilobytes Transferred. The number of kilobytes the server transferred since access logging was enabled.
Select whether or not to generate general statistics. If you choose to generate statistics, choose from the following:
Find Top Number Seconds Of Log. Generates statistics based on information from the most recent number of seconds.
Find Top Number Minutes Of Log. Generates statistics based on information from the most recent number of minutes.
Find Top Number Hours Of Log. Generates statistics based on information from the most recent number of hours.
Find Number Users (If Logged). Generates statistics based on information from the number of users.
Find Top Number Referers (If Logged). Generates statistics based on information from the number of referers.
Find Top Number User Agents (If Logged). Generates statistics based on information on the user agents, for example, the browser type, its version, and the operating system.
Find Top Number Miscellaneous Logged Items (If Logged). Generates statistics based on information from the number of user.
Select whether or not to generate lists. If you choose to generate lists, specify the items from the following list for which you would like to generate lists:
URLs Accessed. Displays the URLs that were accessed.
Number Most Commonly Accessed URL. Displays the most commonly accessed URLs or URLs that were accessed more than a specified number of times.
URLs That Were Accessed More Than Number Times. Displays the URL that were accessed more times than the number specified.
Hosts Accessing Your Server. Displays the hosts that accessed the Proxy Server.
Number Hosts Most Often Accessing Your Server. Displays the hosts most often accessing your server or hosts that have accessed your server more than a specified number of times
Hosts That Accessed Your Server More Than Number Times. Displays the hosts that accessed your server more times than the number specified.
Specify the order in which you want to see the results. Prioritize the following items from 1 to 3 in the order that you would like each section to appear in the report. If you chose to not generate any of them, the section will automatically be left out. The options include the following:
Find Totals
General Statistics
Make Lists
Click OK. The report appears in a new window.

To run the log analyzer from the command line

To analyze access log files from the command line, run the tool, flexanlg, which is in the directory server-install/extras/flexanlg.

To run flexanlg, type the following command and options at the command prompt:

./flexanlg [-n name] [-x] [-r] [-p order] [-i file]* [ -m metafile ]* [-o file][-c opts] [-t opts] [-l opts]

Options marked * can be repeated.

The following describes the syntax. (You can get this information online by typing ./flexanlg -h.):

-P: proxy log format Default: no -n servername: The name of the server -x : Output in HTML Default: no -r : Resolve IP addresses to hostnames Default: no -p [c,t,l]: Output order (counts, time stats, lists) Default: ctl -i filename: Input log file                           Default: none -o filename: Output log file Default: stdout -m filename: Meta file                                Default: none -c [h,n,r,f,e,u,o,k,c,z]: Count these item(s) - Default: hnreuokc     h: total hits     n: 304 Not Modified status codes (Use Local Copy)     r: 302 Found status codes (Redirects)     f: 404 Not Found status codes (Document Not Found)     e: 500 Server Error status codes (Misconfiguration)     u: total unique URL's     o: total unique hosts     k: total kilobytes transferred     c: total kilobytes saved by caches     z: Do not count any items. -t [sx,mx,hx, xx,z]: Find time stats -      Default:s5m5h10u10a10r10x10     s(number): Find top (number) seconds of log     m(number): Find top (number) minutes of log     h(number): Find top (number) hours of log     u(number): Find top (number) users of log     a(number): Find top (number) user agents of log     r(number): Find top (number) referers of log     x(number): Find top (number) for miscellaneous keywords     z: Do not find any time stats. -l [cx,hx]: Make a list of -                          Default: c+3h5     c(x,+x): Most commonly accessed URL’s              (x: Only list x entries)              (+x: Only list if accessed more than x times)     h(x,+x): Hosts (or IP addresses) most often accessing your server              (x: Only list x entries)              (+x: Only list if accessed more than x times)     z: Do not make any lists.

---

Viewing Events (Windows)

In addition to logging errors to the server error log, Proxy Server logs severe system errors to the Event Viewer. The Event Viewer lets you monitor events on your system. Use the Event Viewer to see errors resulting from fundamental configuration problems, which can occur before the error log can be opened.

To use the Event Viewer

From the Start menu, select Programs and then Administrative Tools. Choose Event Viewer in the Administrative Tools program group.
Choose Application from the Log menu.

The Application log appears in the Event Viewer. Errors from Proxy Server has a source label of proxy-serverid.

Choose Find from the View menu to search for one of these labels in the log. Choose Refresh from the View menu to see updated log entries.

For more information about the Event Viewer, consult your system documentation.

Previous      Contents      Index      Next

---

Part No: 819-3650-10.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.