Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Chapter 9 Using Log Files

You can monitor your server’s activity using several different methods. This chapter discusses how to monitor your server by recording and viewing log files. For information on using the built-in performance monitoring services, or SNMP, see Chapter 10, Monitoring Servers.


About Log Files

Server log files record your server’s activity. You can use these logs to monitor your server and to help you when troubleshooting. The error log file, located in proxy-server_name/logs/errors in the server root directory, lists all the errors the server has encountered. The access log, located in proxy-server_name/logs/access in the server root directory, records information about requests to the server and the responses from the server. You can configure the information recorded in the Proxy Server access log file. You use the log analyzer to generate server statistics. You can back up server error and access log files by archiving them.


Note –

Due to limitations in the operating system, the Proxy Server cannot work with log files larger than 2 Gbytes on Linux. As soon as the maximum file size is reached, logging will cease.


Logging on UNIX and Windows Platforms

This section discusses how log files are created.


Note –

For more information on the event log mechanism used in the Windows operating environment, refer to the Windows help system index for the keywords Event Logging.


Default Error Logging

On both the UNIX and Windows platforms, logs from the administration server are collected in the administration proxy-admserv/logs/ directory. Logs from the server instances are collected in the proxy-server_name/logs/ directory.

You can set the default log level for the entire server. You can redirect stdout and stderr to the server’s event log and direct the log output to the operating system’s system log. By default, log messages are sent to stderr in addition to the specified server log file.

Logging Using syslog

For stable operational environments where centralized logging is required, syslog is appropriate. For environments where log output is frequently required for diagnostics and debugging, individual server instance logs might be more manageable.

Because storing logged data for the server instance and administration server in one file might prove difficult to read and debug, use the syslog master log file only for deployed applications that are running smoothly.

Logged messages are intermixed with all other logs from the Solaris daemon applications.

By using the syslog log file in conjunction with syslogd and the system log daemon, you can configure the syslog.conf file to perform the following actions:

Because logging to syslog implies that logs from Proxy Server and other daemon applications are collected in the same file, logged messages are enhanced with the following information to identify Proxy Server-specific messages from the particular server instance:

The LOG element can be configured for both the administration server and the server instance in the server.xml file.

For more information on the syslog logging mechanism used in the UNIX operating environment, use the following man commands at a terminal prompt:

man syslog
man syslogd
man syslog.conf

Log Levels

The following table defines the log levels and messages in Proxy Server, in increasing order of severity.

Table 9–1 Log Levels

Log level              Description
finest, finer, fine    Messages indicate extent of verbosity of debug messages. finest gives the maximum verbosity.
info                   Messages are informative in nature, usually related to server configuration or server status. These messages do not indicate errors that need immediate action.
warning                Messages indicate a warning. The message would probably be accompanied by an exception.
failure                Messages indicate a failure of considerable importance that can prevent normal application execution.
config                 Messages relate to a variety of static configuration information, to assist in debugging problems that may be associated with particular configurations.
security               Messages indicate a security issue.
catastrophe            Messages indicate a fatal error.

Archiving Log Files

You can set up your access and error log files to be automatically archived. At a certain time, or after a specified interval, your logs will be rotated. Proxy Server saves the old log files and stamps the saved file with a name that includes the date and time they were saved.

For example, you can set up your access log files to rotate every hour. The Proxy Server saves and names the file “access.200505160000,” where the name of the log file, year, month, day, and 24-hour time are concatenated into a single character string. The format of the log archive file varies depending upon which type of log rotation you set up.

The Proxy Server offers two types of log rotation for archiving files: internal-daemon log rotation and cron-based log rotation.

Internal-Daemon Log Rotation

Internal-daemon log rotation happens within the HTTP daemon, and can only be configured at startup time. The server rotates logs internally without requiring a server restart. Logs rotated using this method are saved in the following format:

access.<YYYY><MM><DD><HHMM>

errors.<YYYY><MM><DD><HHMM>

You can specify the time used as a basis to rotate log files and start a new log file. For example, if the rotation start time is 12:00 a.m. and the rotation interval is 1440 minutes (one day), a new log file will be created immediately when you save and apply changes regardless of the present time. The log file will rotate every day at 12:00 a.m., and the access log will be stamped at 12:00 a.m. and saved as access.200505172400. Likewise, if you set the interval at 240 minutes (4 hours), the four-hour intervals begin at 12:00 a.m. such that the access log files will contain information gathered from 12:00 a.m. to 4:00 a.m., from 4:00 a.m. to 8:00 a.m., and so forth.

If log rotation is enabled, log file rotation starts at server startup. The first log file to be rotated gathers information from the current time until the next rotation time. Using the previous example, if you set your start time at 12:00 a.m. and your rotation interval at 240 minutes, and the current time is 6:00 a.m., the first log file to be rotated will contain the information gathered from 6:00 a.m. to 8:00 a.m., and the next log file will contain information from 8:00 a.m. to 12:00 p.m. (noon), and so forth.

Scheduler-based Log Rotation

Scheduler-based log rotation is based on the time and day stored in the server.xml file in the server-root/proxy-server_name/config/ directory. This method allows you to archive log files immediately or have the server archive log files at a specific time on specific days. Logs rotated using the scheduler-based method are saved in the following format:

<original_filename>.<YYYY><MM><DD><HHMM>

For example, access might become access.200505171630 when it is rotated at 4:30 p.m.

Log rotation is initialized at server startup. If rotation is turned on, the Proxy Server creates a time-stamped access log file and rotation starts at server startup.

Once the rotation starts, the Proxy Server creates a new time-stamped log file when a request or error that needs to be logged to the access or error log file occurs after the previously scheduled “next rotate time.”


Note –

Archive the server logs before running the log analyzer.


To archive log files and to specify whether to use the Internal daemon method or the scheduler-based method, use the Archive Log page in the Server Manager.

Setting Access Log Preferences

During installation, an access log file named access is created for the server. You can customize access logging for any resource by specifying whether to log accesses, what format to use for logging, and whether the server should spend time looking up the domain names of clients when they access a resource.

You can specify logging preferences using the Set Access Log Preferences page in the Server Manager, or you can manually configure directives in the obj.conf file. In obj.conf, the server calls the function flex-init to initialize the flexible logging system and the function flex-log to record request-specific data in a flexible log format. To log requests using the common log file format, the server calls init-clf to initialize the Common Log subsystem which is used in obj.conf, and common-log to record request-specific data in the common log format used by most HTTP servers.

Once an access log for a resource has been created, you cannot change its format unless you archive it or create a new access log file for the resource.

Table 9–2 Log File Formats for the Administration Server

Log Format Item 

Description 

Client Hostname

The hostname (or IP address if DNS is disabled) of the client requesting access. 

Authenticate User Name

If authentication is necessary, you can list the authenticated user name in the access log. 

System Date

The date and time of the client request. 

Full Request

The exact request the client made. 

Status

The status code the server returned to the client. 

Content Length

The content length, in bytes, of the document sent to the client. 

HTTP Header, “referer”

The referer specifies the page from which the client accessed the current page. For example, if a user is looking at the results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers enable the server to create a list of backtracked links. 

HTTP Header, “user-agent”

The user-agent information, which includes the type of browser the client is using, its version, and the operating system on which it is running. This information comes from the User-agent field in the HTTP header information that the client sends to the server. 

Method

The HTTP request method used, such as GET, PUT, or POST. 

URI

Universal Resource Identifier. The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.

Query String Of The URI

Any text after the question mark in a URI. For example, for http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.

Protocol

The transport protocol and version used. 

When changing the format of an existing log file, first delete or rename the existing log file, or use a different file name.

To Set the Access Log Preferences for the Administration Server

  1. Access the Administration Server and click the Preferences tab.

  2. Click the Set Access Log Preferences link.

    The Set Access Log Preferences page is displayed.

  3. Select the resource from the drop-down list or click the Regular Expression button, type a regular expression, and click OK.

  4. Specify whether to log client accesses.

    This setting requires Domain Name Service (DNS) to be enabled.

  5. Specify the absolute path for the access log file.

    As a default, the log files are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.

    If you are editing the entire server, the default value for this field is $accesslog, the variable that denotes the access log file for the server in the configuration file.

  6. Choose whether to record domain names or IP addresses of the systems accessing the server in the access log.

  7. Choose the type of log file format to use in the access log.

    The following options are available:

    • Use Common LogFile Format. Includes client’s host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client.

    • Only Log. Enables you to determine which information will be logged. You can choose from the flexible log format items listed in Table 9–2.

    • If you choose a custom format, type it in the Custom Format field.

  8. Click OK.

  9. Click Restart Required.

    The Apply Changes page is displayed.

  10. Click the Restart Proxy Server button to apply the changes.

Setting Access Log Preferences for the Server Instance

The flexible log formats that you can use to set the access log preferences for the server instance are listed in the following table.

Table 9–3 Log File Formats for the Server Instance

Log Format Item 

Description 

Client Hostname

The hostname (or IP address if DNS is disabled) of the client requesting access. 

Authenticate User Name

If authentication was necessary, you can have the authenticated user name listed in the access log. 

System Date

The date and time of the client request. 

Full Request

The exact request the client made. 

Status

The status code the server returned to the client. 

Content Length

The content length, in bytes, of the document sent to the client. 

HTTP Header, “referer”

The referer specifies the page from which the client accessed the current page. For example, if a user is looking at the results from a text search query, the referer would be the page from which the user accessed the text search engine. Referers enable the server to create a list of backtracked links. 

HTTP Header, “user-agent”

The user-agent information, which includes the type of browser the client is using, its version, and the operating system on which it is running. This information comes from the User-agent field in the HTTP header information that the client sends to the server. 

Method

The HTTP request method used such as GET, PUT, or POST. 

URI

Universal Resource Identifier. The location of a resource on the server. For example, for http://www.a.com:8080/special/docs, the URI is special/docs.

Query String Of The URI

Any text after the question mark in a URI. For example, for http://www.a.com:8080/special/docs?find_this, the query string of the URI is find_this.

Protocol

The transport protocol and version used. 

Cache Finish Status

This field specifies whether the cache file was written, refreshed, or returned by an up-to-date check. 

The cs field can hold one of the following: 

- means that the resource was not cacheable. 

WRITTEN means that the cache file was created. 

REFRESHED means that the cache file was updated or refreshed. 

NO-CHECK means that the cache file was returned without an up-to-date check. 

UP-TO-DATE means that the cache file was returned with an up-to-date check.

HOST-NOT-AVAILABLE means that the remote server was not available for an up-to-date check, so the cache file was returned without a check.

CL-MISMATCH means that the cache file write was aborted due to a content-length mismatch.

ABORTED means that caching was aborted due to a particular reason, for example, the absence of a valid Last-Modified header.

Remote Server Finish Status

This field specifies if the request to the remote server was successfully carried out to completion, interrupted by the client clicking the Stop button in the browser, or aborted by an error condition. 

Status Code From Server

The status code returned from the server. 

Route To Proxy (PROXY, SOCKS, DIRECT)

The route used to retrieve the resource. The document can be retrieved directly, through a proxy, or through a SOCKS server. 

Transfer Time

The length of time of the transfer, in seconds or milliseconds. 

Header-length From Server Response

The length of the header from the server response. 

Request Header Size From Proxy To Server

The size of the request header from the proxy to the server. 

Response Header Size Sent To Client.

The size of the response header sent to the client. 

Request Header Size Received From Client

The size of the request header received from the client. 

Content-length From Proxy To Server Request.

The length, in bytes, of the document sent from the proxy to the server. 

Content-length Received From Client

The length, in bytes, of the document from the client. 

Content-length From Server Response

The length, in bytes, of the document from the server. 

Unverified User From Client

The user name given to the remote server during authentication. 

To Set the Access Log Preferences for the Server Instance

  1. Access the Server Manager and click the Server Status tab.

  2. Click the Set Access Log Preferences link.

    The Set Access Log Preferences page is displayed.

  3. Select the resource from the drop-down list or click the Regular Expression button, type a regular expression, and click OK.

  4. Specify whether to log client accesses.

    This setting requires Domain Name Service (DNS) to be enabled.

  5. Specify the absolute path for the access log file.

    The log files by default are kept in the logs directory in the server root. If you specify a partial path, the server assumes the path is relative to the logs directory in the server root.

    If you are editing the entire server, the default value for this field is $accesslog, the variable that denotes the access log file for the server in the configuration file.

  6. Choose whether to record domain names or IP addresses of the systems accessing the server in the access log.

  7. Choose the format the log file should be: common, extended, extended-2, only specified information (“Only log” radio button), or custom.

    If you click Only log, the following flexible log format items are available:

  8. Choose the type of log file format to use in the access log.

    Server access logs can be in Common Logfile Format, Extended Logfile Format, Extended2 Logfile format, flexible log format, or your own customizable format. The Common Logfile Format is a commonly supported format that provides a fixed amount of information about the server. The flexible log format enables you to choose (from Proxy Server) what to log. A customizable format uses parameter blocks that you specify to control what gets logged.

    • Use Common LogFile Format. Includes client’s host name, authenticated user name, date and time of request, HTTP header, status code returned to the client, and content length of the document sent to the client.

    • Use Extended LogFile Format. Includes all of the fields of the common log file format as well as some additional fields such as remote status, proxy to client content length, remote to proxy content length, proxy to remote content length, client to proxy header length, proxy to client header length, proxy to remote header length, remote to proxy header length and transfer time.

    • Use Extended2 LogFile Format. Includes all of the fields of the extended logfile format as well as some additional fields such as client status, server status, remote status, cache finish status, and actual route.

    • Only Log. Allows you to choose which information will be logged. You can choose from the flexible log format items listed in Table 9–3.

    • If you choose a custom format, type it in the Custom Format field.

  9. If you do not want to log client access from certain host names or IP addresses, type them in the host names and IP Addresses fields.

    Type a wildcard pattern of hosts from which the server should not record accesses. For example, *.example.com does not log accesses from people whose domain is example.com. You can type wildcard patterns for host names, IP addresses, or both.

  10. Choose whether to include the format string in the log file.

    If you are using the Proxy Server’s log analyzer, you should include a format string. If you are using a third-party analyzer, you may not want to include a format string in your log file.

  11. Click OK.

  12. Click Restart Required.

    The Apply Changes page appears.

  13. Click the Restart Proxy Server button to apply the changes.

Easy Cookie Logging

Proxy Server has an easy way to log a specific cookie using the flexlog facility. Add Req->headers.cookie.cookie_name to the line that initializes the flex-log subsystem in the configuration file obj.conf. This instruction logs the value of the cookie variable cookie_name if the cookie variable is present in the request’s headers, and logs - if it is not present.

Setting Error Logging Options

You can configure the information to be logged in the server’s errors logs.

To Set the Error Logging Options

  1. To set the error logging options from the Administration Server, choose the Preferences tab, and then click the Set Error Log Preferences link.

    To set the error logging options for the server instance from the Server Manager, choose the Server Status tab, and then click the Set Error Log Preferences link.

  2. Specify the file that stores messages from the server in the Error Log File Name field.

  3. From the Log Level drop-down list, specify the amount of information that should be logged in the errors log. The following options are available:

  4. To redirect stdout output to the errors log, select Log Stdout.

  5. To redirect stderr output to the errors log, select Log Stderr.

  6. To redirect log messages to the console, select Log To Console.

  7. To use the UNIX syslog service or Windows Event Logging to produce and manage logs, select Use System Logging.

  8. Click OK.

  9. Click Restart Required.

    The Apply Changes page appears.

  10. Click the Restart Proxy Server button to apply the changes.

Configuring the LOG Element

The following table describes the attributes for the LOG element you can configure in the server.xml file.

Table 9–4 LOG attribute

Attribute       Default   Description
file            errors    Specifies the file that stores messages from the server.
loglevel        info      Controls the default type of messages logged by other elements to the error log. Allowed values are as follows, from highest to lowest: finest, finer, fine, info, warning, failure, config, security, and catastrophe.
logstdout       true      (optional) If true, redirects stdout output to the errors log. Valid values are on, off, yes, no, 1, 0, true, false.
logstderr       true      (optional) If true, redirects stderr output to the errors log. Valid values are on, off, yes, no, 1, 0, true, false.
logtoconsole    true      (optional, UNIX only) If true, redirects log messages to the console.
createconsole   false     (optional, Windows only) If true, creates a Windows console for stderr output. Valid values are on, off, yes, no, 1, 0, true, false.
usesyslog       false     (optional) If true, uses the UNIX syslog service or Windows Event Logging to produce and manage logs. Valid values are on, off, yes, no, 1, 0, true, false.

Viewing Access Log Files

You can view the server’s active and archived access log files.

To view the Administration Server’s access log from the Administration Server, choose the Preferences tab, and then click the View Access Log link.

To view an access log for the server instance from the Server Manager, choose the Server Status tab, and then click the View Access Log link.

The following example shows an access log in the Common Logfile Format.


198.18.17.222 - - [20/May/2005:14:15:49 +0530] "GET http://www.example.com/ HTTP/1.1" 504 622
198.18.17.222 - abc [20/May/2005:14:16:09 +0530] "GET http://www.test.com/report.zip HTTP/1.1" 504 630
      

The following table describes the last line of this sample access log.

Access Log Field                    Example
Hostname or IP address of client    198.18.17.222 (In this case, the client’s IP address is shown because the proxy server’s setting for DNS lookups is disabled; if DNS lookups were enabled, the client’s hostname would appear.)
RFC 931 information                 - (RFC 931 identity not implemented)
Username                            abc (username entered by the client for authentication)
Date/time of request                20/May/2005:14:16:09 +0530
Request                             GET
Protocol                            HTTP/1.1
Status code                         504
Bytes transferred                   630
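The fields described above can be extracted from Common Logfile Format entries programmatically. The following Python code is an added example, not part of this guide or of the Proxy Server tooling: it parses the two sample entries plus a few constructed ones (marked in the code), tallies status codes, and counts 407 responses per client. All function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Layout: host ident user [date] "request" status bytes
# The request is matched greedily and the tail is anchored, so a URL that
# contains a double quote (CLF does not escape them) cannot shift the
# status and byte-count fields.
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" '
    r'(?P<status>\d{3}|-) (?P<bytes>\d+|-)$'
)

# The first two entries are the sample from this chapter.
# Everything after them is constructed for this example.
SAMPLE_LINES = [
    '198.18.17.222 - - [20/May/2005:14:15:49 +0530] "GET http://www.example.com/ HTTP/1.1" 504 622',
    '198.18.17.222 - abc [20/May/2005:14:16:09 +0530] "GET http://www.test.com/report.zip HTTP/1.1" 504 630',
    '198.18.17.10 - - [20/May/2005:14:17:01 +0530] "GET http://www.example.com/a HTTP/1.1" 407 0',
    '198.18.17.10 - - [20/May/2005:14:17:02 +0530] "GET http://www.example.com/a HTTP/1.1" 407 0',
    '198.18.17.10 - - [20/May/2005:14:17:03 +0530] "GET http://www.example.com/a"b HTTP/1.1" 200 1024',
    'not a log line',
]


def parse_clf(line):
    """Return a dict of fields for one CLF entry, or None if it does not parse."""
    m = CLF_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # "-" means the field was not recorded (no RFC 931 identity, no auth user).
    for key in ("ident", "user"):
        if rec[key] == "-":
            rec[key] = None
    rec["status"] = None if rec["status"] == "-" else int(rec["status"])
    rec["bytes"] = None if rec["bytes"] == "-" else int(rec["bytes"])
    # A proxy logs the full URL in the request line: METHOD URL PROTOCOL.
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["url"], rec["protocol"] = parts
    else:
        rec["method"] = rec["url"] = rec["protocol"] = None
    return rec


def parse_all(lines):
    """Parse many lines; return (records, rejected_lines)."""
    records, rejected = [], []
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected


def status_report(records):
    """Map status code -> (count, percent of all entries with a status)."""
    counts = Counter(r["status"] for r in records if r["status"] is not None)
    total = sum(counts.values())
    return {code: (n, round(100.0 * n / total, 1))
            for code, n in sorted(counts.items())}


def proxy_auth_failures(records):
    """Count 407 (proxy authorization required) responses per client host."""
    return dict(Counter(r["host"] for r in records if r["status"] == 407))


if __name__ == "__main__":
    recs, bad = parse_all(SAMPLE_LINES)
    print("parsed:", len(recs), "rejected:", len(bad))
    for code, (n, pct) in status_report(recs).items():
        print(f"{code} {n:4d} [{pct:5.1f}%]")
    print("407 by client:", proxy_auth_failures(recs))
```
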

Viewing Error Log Files

The error log file contains errors the server has encountered since the log file was created. The file also contains informational messages about the server, such as when the server was started. Unsuccessful user authentication is also recorded in the error log. Use the error log to find broken URL paths or missing files.

To view the Administration Server’s error log file, from the Administration Server, choose the Preferences tab, and click the View Error Log link.

To view a server instance’s error log file, from the Server Manager, choose the Server Status tab, and click the View Error Log link.

The following error log example contains three entries.


[20/May/2005:14:08:37] info ( 6141): CORE1116: iPlanet Web Proxy Server 4.0 B05/10/2005 01:26
[20/May/2005:14:08:37] info ( 6142): CORE3274: successful server startup
[20/May/2005:14:08:37] security (23246): for host 198.18.148.89 trying to GET /, deny-service reports:
 denying service of /
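Error log entries like these can be filtered by the severity order from Table 9–1 and searched for denied requests. The following Python code is an added example, not part of this guide or of the Proxy Server tooling: the first three sample entries follow the example above, the remaining two are constructed, and the function names are illustrative. It assumes a continuation line (one that does not start with a timestamp) belongs to the preceding entry.

```python
import re
from datetime import datetime

# Log levels in the order given in Table 9-1 (increasing severity).
LEVELS = ["finest", "finer", "fine", "info", "warning",
          "failure", "config", "security", "catastrophe"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# "[20/May/2005:14:08:37] info ( 6141): message"
# The opening bracket is optional so that copies that lost it still parse.
HEADER_RE = re.compile(
    r'^\[?(?P<time>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2})\]\s+'
    r'(?P<level>[a-z]+)\s*\(\s*(?P<pid>\d+)\):\s*(?P<message>.*)$'
)

# Shape of the deny-service message shown in the sample error log.
DENY_RE = re.compile(
    r'for host (?P<host>\S+) trying to (?P<method>[A-Z]+) (?P<path>\S+?), '
    r'deny-service reports'
)

# Entries 1-3 follow the chapter's sample; entries 4-5 are constructed.
SAMPLE = """\
[20/May/2005:14:08:37] info ( 6141): CORE1116: iPlanet Web Proxy Server 4.0 B05/10/2005 01:26
[20/May/2005:14:08:37] info ( 6142): CORE3274: successful server startup
[20/May/2005:14:08:37] security (23246): for host 198.18.148.89 trying to GET /, deny-service reports:
 denying service of /
[20/May/2005:14:09:02] security (23246): for host 198.18.148.89 trying to GET /admin, deny-service reports:
 denying service of /admin
[20/May/2005:14:09:40] warning (23246): constructed warning entry
"""


def parse_error_log(lines):
    """Group lines into entries; continuation lines extend the previous entry."""
    entries = []
    for line in lines:
        m = HEADER_RE.match(line)
        if m:
            entries.append({
                "time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S"),
                "level": m.group("level"),
                "pid": int(m.group("pid")),
                "message": m.group("message").strip(),
            })
        elif entries and line.strip():
            entries[-1]["message"] += " " + line.strip()
    return entries


def at_least(entries, level):
    """Entries at or above `level`; unknown level names are kept, not dropped."""
    floor = RANK[level]
    return [e for e in entries if RANK.get(e["level"], len(LEVELS)) >= floor]


def denied_requests(entries):
    """Map client host -> list of 'METHOD path' refused by deny-service."""
    result = {}
    for e in entries:
        if e["level"] != "security":
            continue
        m = DENY_RE.search(e["message"])
        if m:
            result.setdefault(m.group("host"), []).append(
                m.group("method") + " " + m.group("path"))
    return result


if __name__ == "__main__":
    parsed = parse_error_log(SAMPLE.splitlines())
    for e in at_least(parsed, "warning"):
        print(e["time"].isoformat(), e["level"], e["message"])
    print(denied_requests(parsed))
```
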

      

Working With the Log Analyzer

The server-root/extras/log_anly directory contains the log analysis tool that runs through the Server Manager user interface. This log analyzer analyzes files in common log format only. The HTML document in the log_anly directory explains the tool’s parameters. The server-install/extras/flexanlg directory contains the command-line log analyzer for the flexible log file format. However, the Server Manager defaults to using the flexible log file reporting tool regardless of the log file format you have selected.

Use the log analyzer to generate statistics about your default server, such as a summary of activity, most commonly accessed URLs, times during the day when the server is accessed most frequently, and so on. You can run the log analyzer from the Proxy Server or the command line.

You must set the library path before attempting to run the flexanlg command line utility. The settings for various platforms are as follows:

Solaris and Linux:

LD_LIBRARY_PATH=server-root/bin/proxy/lib:$LD_LIBRARY_PATH

AIX:

LIBPATH=server-root/bin/proxy/lib:$LIBPATH

HP-UX:

SHLIB_PATH=server-root/bin/proxy/lib:$SHLIB_PATH

Windows:

path=server-root\bin\proxy\bin;%path%

Note –

Before running the log analyzer, you should archive the server logs. For more information about archiving server logs, see Archiving Log Files.


You can also type ./start -shell at the command prompt after changing to the server-root/proxy-serverid directory instead of setting the library path.

If you use the extended or extended-2 logging format, the log analyzer generates several reports within the output file in addition to the information that you designate to be reported. The following sections describe these reports.

Transfer Time Distribution Report

The transfer time distribution report shows the time used by the proxy server to transfer requests. This report displays the information categorized by service time and by percentage finished. The following example is a sample transfer time distribution report.

By service time category:

< 1 sec [64.4%] ........................................

< 2 sec [33.3%] ....................

< 3 sec [ 2.7%] .

< 4 sec [ 1.7%] .

< 5 sec [ 0.6%]

< 6 sec [ 0.4%]

< 7 sec [ 0.2%]

< 8 sec [ 0.0%]

< 9 sec [ 0.0%]

By percentage finished:

< 1 sec [64.4%] ........................................

< 2 sec [97.7%] ....................................

< 3 sec [100.4%]..............................................

Data Flow Report

The data flow report shows the data flow (the number of bytes transferred) from the client to the proxy, the proxy to the client, the proxy to the remote server, and the remote server to the proxy. For each of these scenarios, the report shows how much data was transferred in the form of headers and content. The data flow report also shows the data flow from the cache to the client. The following is a sample data flow report.

 
                               Headers   Content   Total
- Client -> Proxy.........     0 MB      0 MB      0 MB
- Proxy  -> Client...........  0 MB      2 MB      3 MB
- Proxy  -> Remote...........  0 MB      0 MB      0 MB
- Remote -> Proxy..........    0 MB      2 MB      2 MB

Approx:
- Cache  -> Client...........  0 MB      0 MB      0 MB

Status Code Report

The status code report shows which and how many status codes the proxy server received from the remote server and sent to the client. The status code report also provides explanations for all of these status codes. The following example is a sample status code report.

Code  -From remote-  -To client-   -Explanation-
200   338  [70.7%]   352  [73.6%]  OK
302    33  [ 6.9%]    36  [ 7.5%]  Redirect
304    90  [18.8%]    99  [20.7%]  Not modified
404     3  [ 0.6%]     3  [ 0.6%]  Not found
407                    5  [ 1.0%]  Proxy authorization required
500                    2  [ 0.4%]  Internal server error
504                    6  [ 1.3%]  Gateway timeout

Requests and Connections Report

The requests and connections report shows the number of requests the proxy server receives from clients, the number of connections the proxy makes to a remote server (initial retrievals, up-to-date checks, and refreshes), and the number of remote connections the proxy server avoids by using cached documents. The following example is a sample requests and connections report.

- Total requests.............     478
- Remote connections.........     439
- Avoided remote connects....      39 [ 8.2%]

Cache Performance Report

The cache performance report shows the performance of the clients’ caches, the proxy server’s cache, and the direct connections.

Client Cache

A client cache hit occurs when a client performs an up-to-date check on a document and the remote server returns a 304 message telling the client that the document was not modified. An up-to-date check initiated by a client indicates that the client has its own copy of the document in the cache.

For the client’s cache, the report shows:

Proxy Cache

A proxy cache hit occurs when a client requests a document from a proxy server and the proxy server already has the document in its cache. For the proxy server’s cache hits, the report shows:

Proxy Cache Hits Combined

For the proxy cache hits combined, the report shows the total number of hits to the proxy server’s cache and the average amount of time it took to service these requests.

Direct Transactions

Direct transactions are those that go directly from the remote server to the proxy server to the client without any cache hits. For the direct transactions, the report shows:

The following example is a sample cache performance report.


                  
CLIENT CACHE:
- Client & proxy cache hits... 86 reqs [18.0%] 0.21 sec/req
- Proxy shortcut no-check........ 13 reqs [ 2.7%] 0.00 sec/req
- Client cache hits only.....
- TOTAL client cache hits.......... 99 reqs [20.7%] 0.18 sec/req

PROXY CACHE:
- Proxy cache hits w/check........ 4 reqs [ 0.8%] 0.50 sec/req
- Proxy cache hits w/o check.. 10 reqs [ 2.1%] 0.00 sec/req
- Pure proxy cache hits...... 14 reqs [ 2.9%] 0.14 sec/req

PROXY CACHE HITS COMBINED:
- TOTAL proxy cache hits....... 113 reqs [23.6%] 0.18 sec/req

DIRECT TRANSACTIONS:
- Retrieved documents..313 reqs [65.5%]  0.90 sec/req 2 MB
- Other transactions.. 52 reqs [10.9%] 7.79 sec/req
- TOTAL direct traffic.. 365 reqs [76.4%] 1.88 sec/req 2 MB

               

Transfer Time Report

The transfer time report shows the information about the time used by the proxy server to process a transaction. This report shows values for the following categories:

Average transaction time: The average of all transfer times logged.

Average transfer time without caching: The average of transfer times for transactions that are not returned from the cache, that is, those transactions that result in a 200 response from the remote server.

Average with caching, without errors: The average of transfer times for all non-error transactions, that is, those transactions with 2xx and 3xx status codes.

Average transfer time improvement: The average transaction time minus the average transfer time with caching, without errors.

The following example is a sample transfer time report.

- Average transaction time... 1.48 sec/req
- Ave xfer time w/o caching.. 0.90 sec/req
- Ave w/caching, w/o errors.. 0.71 sec/req
- Ave xfer time improvement.. 0.19 sec/req

Hourly Activity Report

For each analyzed hour, the hourly activity report shows:

To Run the Log Analyzer From the Server Manager

  1. Access the Server Manager, and click the Server Status tab.

  2. Click the Generate Report link.

    The Generate Report page is displayed.

  3. Type the name of your server. This name appears in the generated report.

  4. Choose whether the report will appear in HTML or ASCII format.

  5. Select the log file you want to analyze.

  6. If you want to save the results in a file, type an output filename in the Output File field.

    If you leave the field blank, the report results print to the screen. For large log files, you should save the results to a file because printing the output to the screen might take a long time.

  7. Select whether to generate totals for certain server statistics.

    The following totals can be generated:

    • Total Hits- The total number of hits the server received since access logging was enabled.

    • 304 (Not Modified) Status Codes- The number of times a local copy of the requested document was used, rather than the server returning the page.

    • 302 (Redirects) Status Codes- The number of times the server redirected to a new URL because the original URL moved.

    • 404 (Not Found) Status Codes- The number of times the server could not find the requested document or the server did not serve the document because the client was not an authorized user.

    • 500 (Server Error) Status Codes- The number of times a server-related error occurred.

    • Total Unique URLs- The number of unique URLs accessed since access logging was enabled.

    • Total Unique Hosts- The number of unique hosts who have accessed the server since access logging was enabled.

    • Total Kilobytes Transferred- The number of kilobytes the server transferred since access logging was enabled.

  8. Select whether to generate general statistics. If you choose to generate statistics, choose from the following:

    • Find Top Number Seconds Of Log- Generates statistics based on information from the most recent number of seconds.

    • Find Top Number Minutes Of Log- Generates statistics based on information from the most recent number of minutes.

    • Find Top Number Hours Of Log- Generates statistics based on information from the most recent number of hours.

    • Find Number Users (If Logged)- Generates statistics based on information from the number of users.

    • Find Top Number Referers (If Logged)- Generates statistics based on information from the number of referers.

    • Find Top Number User Agents (If Logged)- Generates statistics based on information on the user agents, for example, the browser type, its version, and the operating system.

    • Find Top Number Miscellaneous Logged Items (If Logged)- Generates statistics based on information from the number of users.

  9. Select whether to generate lists.

    If you choose to generate lists, specify the items for which you would like to generate lists:

    • URLs Accessed- Displays the URLs that were accessed

    • Number Most Commonly Accessed URL- Displays the most commonly accessed URLs or URLs that were accessed more than a specified number of times

    • URLs That Were Accessed More Than Number Times- Displays the URLs that were accessed more times than the number specified

    • Hosts Accessing Your Server- Displays the hosts that accessed the Proxy Server

    • Number Hosts Most Often Accessing Your Server- Displays the hosts most often accessing your server or hosts that have accessed your server more than a specified number of times

    • Hosts That Accessed Your Server More Than Number Times- Displays the hosts that accessed your server more times than the number specified

  10. Specify the order in which you want to see the results.

    Rank each section from 1 to 3 to set the order in which it appears in the report. Any section that you chose not to generate is automatically left out. The sections are:

    • Find Totals

    • General Statistics

    • Make Lists

  11. Click OK.

    The report appears in a new window.

To Run the Log Analyzer From the Command Line

To analyze access log files from the command line, run the flexanlg tool, which is in the directory server-install/extras/flexanlg.

To run flexanlg, type the following command and options at the command prompt:

./flexanlg [-n name] [-x] [-r] [-p order] [-i file]* [ -m metafile ]* [-o file][-c opts] [-t opts] [-l opts]

Options marked * can be repeated.

You can display this information online by typing ./flexanlg -h.

-P: proxy log format                                  Default: no
-n servername: The name of the server
-x : Output in HTML                                   Default: no
-r : Resolve IP addresses to hostnames                Default: no
-p [c,t,l]: Output order (counts, time stats, lists)  Default: ctl
-i filename: Input log file                           Default: none
-o filename: Output log file                          Default: stdout
-m filename: Meta file                                Default: none
-c [h,n,r,f,e,u,o,k,c,z]: Count these item(s) -       Default: hnreuokc
    h: total hits
    n: 304 Not Modified status codes (Use Local Copy)
    r: 302 Found status codes (Redirects)
    f: 404 Not Found status codes (Document Not Found)
    e: 500 Server Error status codes (Misconfiguration)
    u: total unique URL’s
    o: total unique hosts
    k: total kilobytes transferred
    c: total kilobytes saved by caches
    z: Do not count any items.
-t [sx,mx,hx, xx,z]: Find time stats -      Default:s5m5h10u10a10r10x10
    s(number): Find top (number) seconds of log
    m(number): Find top (number) minutes of log
    h(number): Find top (number) hours of log
    u(number): Find top (number) users of log
    a(number): Find top (number) user agents of log
    r(number): Find top (number) referers of log
    x(number): Find top (number) for miscellaneous keywords
    z: Do not find any time stats.
-l [cx,hx]: Make a list of -                          Default: c+3h5
    c(x,+x): Most commonly accessed URL’s
             (x: Only list x entries)
             (+x: Only list if accessed more than x times)
    h(x,+x): Hosts (or IP addresses) most often accessing your server
             (x: Only list x entries)
             (+x: Only list if accessed more than x times)
    z: Do not make any lists.
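
The following is an added example, not Oracle's code and not how flexanlg is implemented: it computes the same kind of totals as the -c option and the host list of -l h+x over a few constructed log lines, which is useful for cross-checking a report or spotting a host that generates many 404 or 500 responses. The Common Log Format layout, the regular expression, and the names analyze and SAMPLE_LOG are assumptions; adjust the pattern to the access log format your server is configured to record.

```python
import re
from collections import Counter

# Constructed sample lines in Common Log Format (an assumption; the real
# access log contains whatever fields the server is configured to record).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2010:10:00:01 -0800] "GET http://example.com/ HTTP/1.0" 200 2048
192.0.2.10 - - [12/Mar/2010:10:00:02 -0800] "GET http://example.com/ HTTP/1.0" 304 -
192.0.2.11 - alice [12/Mar/2010:10:00:03 -0800] "GET http://example.com/old HTTP/1.0" 302 0
198.51.100.7 - - [12/Mar/2010:10:00:04 -0800] "GET http://example.com/admin HTTP/1.0" 404 512
198.51.100.7 - - [12/Mar/2010:10:00:05 -0800] "GET http://example.com/backup HTTP/1.0" 404 512
198.51.100.7 - - [12/Mar/2010:10:00:06 -0800] "GET http://example.com/cgi-bin/x HTTP/1.0" 500 1024
this line is truncated or malformed
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$')

def analyze(text, host_threshold=2):
    """Totals like the -c counts, plus hosts seen more than host_threshold times."""
    status, hosts, urls = Counter(), Counter(), set()
    total_bytes = skipped = 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # count unparsable lines instead of hiding them
            continue
        status[m["status"]] += 1
        hosts[m["host"]] += 1
        urls.add(m["url"])
        if m["bytes"] != "-":     # "-" means no body was sent (for example, a 304)
            total_bytes += int(m["bytes"])
    return {
        "total_hits": sum(hosts.values()),
        "304": status["304"], "302": status["302"],
        "404": status["404"], "500": status["500"],
        "unique_urls": len(urls),
        "unique_hosts": len(hosts),
        "kilobytes": total_bytes / 1024,
        "busy_hosts": {h: n for h, n in hosts.items() if n > host_threshold},
        "skipped_lines": skipped,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A nonzero skipped_lines value means the pattern does not match the configured log format, so the totals undercount.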


         

Viewing Events (Windows)

In addition to logging errors to the server error log, Proxy Server logs severe system errors to the Event Viewer. The Event Viewer enables you to monitor events on your system. Use the Event Viewer to see errors resulting from fundamental configuration problems, which can occur before the error log can be opened.

To Use the Event Viewer

  1. From the Start menu, select Programs and then Administrative Tools.

    Choose Event Viewer in the Administrative Tools program group.

  2. Choose Application from the Log menu.

    The Application log appears in the Event Viewer. Errors from Proxy Server have a source label of proxy-serverid.

  3. Choose Find from the View menu to search for one of these labels in the log.

    Choose Refresh from the View menu to see updated log entries.

    For more information about the Event Viewer, consult your system documentation.