Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Working With the Log Analyzer

The server-root/extras/log_anly directory contains the log analysis tool that runs through the Server Manager user interface. This log analyzer analyzes files in common log format only. The HTML document in the log_anly directory explains the tool’s parameters. The server-install/extras/flexanlg directory contains the command-line log analyzer for the flexible log file format. However, the Server Manager defaults to using the flexible log file reporting tool regardless of the log file format you have selected.

Use the log analyzer to generate statistics about your default server, such as a summary of activity, most commonly accessed URLs, times during the day when the server is accessed most frequently, and so on. You can run the log analyzer from the Proxy Server or the command line.

You must set the library path before attempting to run the flexanlg command line utility. The settings for various platforms are as follows:

Solaris and Linux:

LD_LIBRARY_PATH=server-root/bin/proxy/lib:$LD_LIBRARY_PATH

AIX:

LIBPATH=server-root/bin/proxy/lib:$LIBPATH

HP-UX:

SHLIB_PATH=server-root/bin/proxy/lib:$SHLIB_PATH

Windows:

path=server-root\\bin\\proxy\\bin;%path%

Note –

Before running the log analyzer, you should archive the server logs. For more information about archiving server logs, see Archiving Log Files.

You can also type ./start -shell at the command prompt after changing to the server-root/proxy-serverid directory instead of setting the library path.

If you use the extended or extended-2 logging format, the log analyzer generates several reports within the output file in addition to the information that you designate to be reported. The following sections describe these reports.

Transfer Time Distribution Report

The transfer time distribution report shows the time used by the proxy server to transfer requests. This report displays the information categorized by service time and by percentage finished. The following example is a sample transfer time distribution report.

By service time category:

< 1 sec [644%] ........................................

< 2 sec [33.3%] ....................

< 3 sec [ 2.7%] .

< 4 sec [ 1.7%] .

< 5 sec [ 0.6%]

< 6 sec [ 0.4%]

< 7 sec [ 0.2%]

< 8 sec [ 0.0%]

< 9 sec [ 0.0%]

By percentage finished:

< 1 sec [64.4%] ........................................

< 2 sec [97.7%] ....................................

< 3 sec [100.4%]..............................................

Data Flow Report

The data flow report shows the data flow (the number of bytes transferred) from the client to the proxy, the proxy to the client, the proxy to the remote server, and the remote server to the proxy. For each of these scenarios, the report shows how much data was transferred in the form of headers and content. The data flow report also shows the data flow from the cache to the client. The following is a sample data flow report.

	Headers	Content	Total
- Client -> Proxy.........	0 MB	0 MB	0 MB
- Proxy -> Client...........	0 MB	2 MB	3 MB
- Proxy -> Remote...........	0 MB	0 MB	0 MB
- Remote -> Proxy..........	0 MB	2 MB	2 MB

Approx:
- Cache -> Client...........	0 MB	0 MB	0 MB

Status Code Report

The status code report shows which and how many status codes the proxy server received from the remote server and sent to the client. The status code report also provides explanations for all of these status codes. The following example is a sample status code report.

Code	-From remote-	-To client-	-Explanation-
200	338 [70.7%]	352 [73.6%]	OK
302	33 [ 6.9%]	36 [ 7.5%]	Redirect
304	90 [18.8%]	99 [20.7%]	Not modified
404	3 [ 0.6%]	3 [ 0.6%]	Not found
407		5 [ 1.0%]	Proxy authorization required
500		2 [ 0.4%]	Internal server error
504		6 [ 1.3%]	Gateway timeout

Requests and Connections Report

The requests and connections report shows the number of requests the proxy server receives from clients, the number of connections the proxy makes to a remote server (initial retrievals, up-to-date checks, and refreshes), and the number of remote connections the proxy server avoids by using cached documents. The following example is a sample requests and connections report.

- Total requests.............     478
- Remote connections.........     439
- Avoided remote connects....      39 [ 8.2%]

Cache Performance Report

The cache performance report shows the performance of the clients’ caches, the proxy server’s cache, and the direct connections.

Client Cache

A client cache hit occurs when a client performs an up-to-date check on a document and the remote server returns a 304 message telling the client that the document was not modified. An up-to-date check initiated by a client indicates that the client has its own copy of the document in the cache.

For the client’s cache, the report shows:

Client and proxy cache hits: A client cache hit in which the proxy server and the client both have a copy of the requested document and the remote server is queried for an up-to-date check with respect to the proxy’s copy and the client’s request is then evaluated with respect to the proxy’s copy. The cache performance report shows the number of requests of this type that the proxy serviced and the average amount of time it took to service these requests.
Proxy shortcut no-check: A client cache hit in which the proxy server and the client both have a copy of the requested document and the proxy server tells the client without checking with the remote server that the document in the client’s cache is up-to-date. The cache performance report shows the number of requests of this type that the proxy serviced and the average time used to service these requests.
Client cache hits only: A client cache hit in which only the client has a cached copy of the requested document. In this type of request, the proxy server directly tunnels the client’s If-modified-since GET header. The cache performance report shows the number of requests of this type that the proxy serviced and the average time used to service these requests.
Total client cache hits: the total number of client cache hits and the average amount of time used to service these requests.

Proxy Cache

A proxy cache hit occurs when a client requests a document from a proxy server and the proxy server already has the document in its cache. For the proxy server’s cache hits, the report shows:

Proxy cache hits with check: A proxy cache hit in which the proxy server queries the remote server for an up-to-date check on the document. The cache performance report shows the number of requests of this type that the proxy serviced and the average time used to service these requests.
Proxy cache hits without check: A proxy cache hit in which the proxy server does not query the remote server for an up-to-date check on the document. The cache performance report shows the number of requests of this type that the proxy serviced and the average time used to service these requests.
pure proxy cache hits: A proxy cache hit in which the client does not have a cached copy of the requested document. The cache performance report shows the number of requests of this type that the proxy serviced and the average time used to service these requests.

Proxy Cache Hits Combined

For the proxy cache hits combined, the report shows the total number of hits to the proxy server’s cache and the average amount of time it took to service these requests.

Direct Transactions

Direct transactions are those that go directly from the remote server to the proxy server to the client without any cache hits. For the direct transactions, the report shows:

Retrieved documents: Documents retrieved directly from the remote server. The cache performance report shows the number of requests of this type that the proxy serviced, the average time it took to service these requests, and the percentage of total transactions.
Other transactions:Transactions that are returned with a status code other than 200 or 304. The cache performance report shows the number of requests of this type that the proxy serviced and the average time it took to service these requests.
Total direct traffic: Requests, both failed requests and successfully retrieved documents that went directly from the client to the remote server. The cache performance report shows the number of requests of this type that the proxy serviced, the average time used to service these requests, and the percentage of total transactions.

The following example is a sample cache performance report.

                  
CLIENT CACHE:
- Client & proxy cache hits... 86 reqs [18.0%] 0.21 sec/req- Proxy shortcut 
no-check........ 13 reqs [ 2.7%] 0.00 sec/req- Client cache hits only.....
- TOTAL client cache hits.......... 99 reqs [20.7%] 0.18 sec/req

                  PROXY CACHE:
- Proxy cache hits w/check........ 4 reqs [ 0.8%] 0.50 sec/req- Proxy cache 
hits w/o check.. 10 reqs [ 2.1%] 0.00 sec/req- Pure proxy cache hits...... 
14 reqs [ 2.9%] 0.14 sec/req

                  PROXY CACHE HITS COMBINED:
- TOTAL proxy cache hits....... 113 reqs [23.6%] 0.18 sec/req

                  DIRECT TRANSACTIONS:
- Retrieved documents..313 reqs [65.5%]  0.90 sec/req 2 MB- Other 
transactions.. 52 reqs [10.9%] 7.79 sec/req- TOTAL direct traffic..
365 reqs [76.4%] 1.88 sec/req 2 MB

Transfer Time Report

The transfer time report shows the information about the time used by the proxy server to process a transaction. This report shows values for the following categories:

Average transaction time: The average of all transfer times logged.

Average transfer time without caching: the average of transfer times for transactions that are not returned from the cache, that is those transaction that result in a 200 response from remote server.

Average with caching, without errors: The average of transfer times for all non-error transactions, that is those transaction, 2xx and 3xx status codes.

Average transfer time improvement: The average transaction time minus the average transfer time with caching, without errors.

The following example is a sample transfer time report.

- Average transaction time... 1.48 sec/req- Ave xfer time w/o caching.. 
	0.90 sec/req- Ave w/caching, w/o errors.. 0.71 sec/req - Ave xfer 
	time improvement.. 0.19 sec/req

Hourly Activity Report

For each analyzed hour, the hourly activity report shows:

The load average
The number of cache hits with no up-to-date check to the remote server
The number of hits to the proxy server’s cache with an up-to-date check to the remote server that proves that the document is up-to-date and the document is in the client cache
The number of hits to the proxy server’s cache with an up-to-date check to the remote server that proves that the document is up-to-date and the document is not in the client cache
The number of hits to the proxy server’s cache with an up-to-date check to the remote server that caused part of the document to be updated
The number of hits to the proxy server’s cache with an up-to-date check to the remote server that returned a new copy of the requested document with a 200 status code
The number of requests for which documents are directly retrieved from the remote server without any hits to the proxy server’s cache

To Run the Log Analyzer From the Server Manager

Access the Server Manager, and click the Server Status tab.

Click the Generate Report link.

The Generate Report page is displayed.

Type the name of your server. This name appears in the generated report.

Choose whether the report will appear in HTML or ASCII format.

Select the log file you want to analyze.

If you want to save the results in a file, type an output filename in the Output File field.

If you leave the field blank, the report results print to the screen. For large log files, you should save the results to a file because printing the output to the screen might take a long time.

Select whether to generate totals for certain server statistics.

The following totals can be generated:
- Total Hits- The total number of hits the server received since access logging was enabled.
- 304 (Not Modified) Status Codes- The number of times a local copy of the requested document was used, rather than the server returning the page.
- 302 (Redirects) Status Codes- The number of times the server redirected to a new URL because the original URL moved.
- 404 (Not Found) Status Codes- The number of times the server could not find the requested document or the server did not serve the document because the client was not an authorized user.
- 500 (Server Error) Status Codes- The number of times a server-related error occurred.
- Total Unique URLs- The number of unique URLs accessed since access logging was enabled.
- Total Unique Hosts- The number of unique hosts who have accessed the server since access logging was enabled.
- Total Kilobytes Transferred- The number of kilobytes the server transferred since access logging was enabled.

Select whether to generate general statistics. If you choose to generate statistics, choose from the following:
- Find Top Number Seconds Of Log- Generates statistics based on information from the most recent number of seconds.
- Find Top Number Minutes Of Log-
- Generates statistics based on information from the most recent number of minutes.
- Find Top Number Hours Of Log- Generates statistics based on information from the most recent number of hours.
- Find Number Users (If Logged)- Generates statistics based on information from the number of users.
- Find Top Number Referers (If Logged)- Generates statistics based on information from the number of referers.
- Find Top Number User Agents (If Logged)- Generates statistics based on information on the user agents, for example, the browser type, its version, and the operating system.
- Find Top Number Miscellaneous Logged Items (If Logged)- Generates statistics based on information from the number of user.

Select whether to generate lists.

If you choose to generate lists, specify the items for which you would like to generate lists:
- URLs Accessed- Displays the URLs that were accessed
- Number Most Commonly Accessed URL- Displays the most commonly accessed URLs or URLs that were accessed more than a specified number of times
- URLs That Were Accessed More Than Number Times- Displays the URL that were accessed more times than the number specified
- Hosts Accessing Your Server- Displays the hosts that accessed the Proxy Server
- Number Hosts Most Often Accessing Your Server- Displays the hosts most often accessing your server or hosts that have accessed your server more than a specified number of times
- Hosts That Accessed Your Server More Than Number Times- Displays the hosts that accessed your server more times than the number specified

Specify the order in which you want to see the results

Prioritize the order from 1 to 3 that you would like each section to appear in the report. If you chose not to generate any of them, the section will automatically be left out. The sections are:
- Find Totals
- General Statistics
- Make Lists

Click OK.

The report appears in a new window.

To Run the Log Analyzer From the Command Line

To analyze access log files from the command line, run theflexanlg tool , which is in the directory server-install/extras/flexanlg.

To run flexanlg, type the following command and options at the command prompt:

./flexanlg [-n name] [-x] [-r] [-p order] [-i file]* [ -m metafile ]* [-o file][-c opts] [-t opts] [-l opts]

Options marked * can be repeated.

You can display this information online by 
typing ./flexanlg -h.

-P: proxy log format                                  Default: no
-n servername: The name of the server
-x : Output in HTML                                   Default: no
-r : Resolve IP addresses to hostnames                Default: no
-p [c,t,l]: Output order (counts, time stats, lists)  Default: ctl
-i filename: Input log file                           Default: none
-o filename: Output log file                          Default: stdout
-m filename: Meta file                                Default: none
-c [h,n,r,f,e,u,o,k,c,z]: Count these item(s) -       Default: hnreuokc
    h: total hits
    n: 304 Not Modified status codes (Use Local Copy)
    r: 302 Found status codes (Redirects)
    f: 404 Not Found status codes (Document Not Found)
    e: 500 Server Error status codes (Misconfiguration)
    u: total unique URL’s
    o: total unique hosts
    k: total kilobytes transferred
    c: total kilobytes saved by caches
    z: Do not count any items.
-t [sx,mx,hx, xx,z]: Find time stats -      Default:s5m5h10u10a10r10x10
    s(number): Find top (number) seconds of log
    m(number): Find top (number) minutes of log
    h(number): Find top (number) hours of log
    u(number): Find top (number) users of log
    a(number): Find top (number) user agents of log
    r(number): Find top (number) referers of log
    x(number): Find top (number) for miscellaneous keywords
    z: Do not find any time stats.
-l [cx,hx]: Make a list of -                          Default: c+3h5
    c(x,+x): Most commonly accessed URL’s
             (x: Only list x entries)
             (+x: Only list if accessed more than x times)
    h(x,+x): Hosts (or IP addresses) most often accessing your server
             (x: Only list x entries)
             (+x: Only list if accessed more than x times)
    z: Do not make any lists.