Logging
The System > Logging page allows you to set the W3C logging levels and specify the remote server to which logs will be automatically exported. The page is organized into the four sections below.
W3C Logging Details
Enabling W3C logging will cause the ADC to start recording a W3C compatible log file. A W3C log is an access log for Web servers in which text files are generated containing data about each access request, including the source Internet Protocol (IP) address, the HTTP version, the browser type, the referrer page, and the time stamp. The format was developed by the World Wide Web Consortium (W3C), an organization that promotes standards for the evolution of the Web. The file is in ASCII text, with space-delimited columns. The file holds comment lines beginning with the # character. One of these comment lines is a line indicating the fields (providing column names) so that data can be mined. There are separate files for HTTP and FTP protocols.
W3C Logging Levels
There are different logging levels available, and depending on the service type, the data provided varies.
The table below describes logging levels for W3C HTTP.
|
Value
|
Description
|
|
None
|
W3C logging is off.
|
|
Brief
|
The fields present are: #Fields: time c-ip c-port s-ip method uri x-c-version x-r-version sc-status cs-bytes sr-bytes rs-bytes sc-bytes x-percent time-taken x- round-trip-time cs(User-Agent) x-sc(Content-Type).
|
|
Full
|
This is a more processor-compatible format with separate date and time fields. See the fields summary below for information on what the fields mean. The fields present are: #Fields: date time c-ip c-port cs-username s-ip s-port cs-method cs-uri-stem cs-ur- -query sc-status cs(User-Agent) referer x-c-version x-r-version cs-bytes sr-bytes rs-bytes sc-bytes x-percent time-taken x-roun-trip-time x-sc(Content-Type).
|
|
Site
|
This format is very similar to “Full” but has an additional field. See the summary of the fields below for information on what the fields mean. The fields present are: #Fields: date time x-mil c-ip c-port cs-username s-ip s-port cs-host cs-method cs-uri-stem cs-ur--query sc-status cs(User-Agent) referer x-c-version x-r-version cs-bytes sr-bytes rs-bytes sc-bytes x-percent time-taken x-round--trip-time x-sc(Content-Type).
|
|
Diagnostic
|
This format is filled with all sorts of information relevant to development and support staff. See the fields summary below for information on what the fields mean. The fields present are: #Fields: date time c-ip c-port cs-username s-ip s-port x-xff x-xffcustom cs-host x-r-ip x-r-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) referer x-c-version x-r-version cs-bytes sr-bytes rs-bytes sc-bytes x-percent time-taken x-round-trip-time x-trip-times(new,rcon,rqf,rql,tqf,tql,rsf,rsl,tsf,tsl,dis,log) x-closed-by x- compress-action x-sc(Content-Type) x-cache-action X-finish
|
The table below describes logging levels for W3C FTP.
|
Value
|
Description
|
|
Brief
|
#Fields: date time c-ip c-port s-ip s-port r-ip r-port cs-method cs-param sc-status sc-param sr-method sr-param rs-status rs-param
|
|
Full
|
#Fields: date time c-ip c-port s-ip s-port r-ip r-port cs-method cs-param cs-bytes sc-status sc-param sc-bytes sr-method sr-param sr-bytes rs-status rs-param rs-bytes
|
|
Diagnostic
|
#Fields: date time c-ip c-port s-ip s-port r-ip r-port cs-method cs-param cs-bytes sc-status sc-param sc-bytes sr-method sr-param sr-bytes rs-status rs-param rs-bytes
|
Include W3C Logging
This option allows you to set what ADC information should be included in the W3C logs.
|
Value
|
Description
|
|
Client’s Network Address and Port
|
The value shown here displays the actual client IP address along with the port.
|
|
Client’s Network Address
|
This option will include and only show the actual client IP address.
|
|
Forwarded-For Address and Port
|
This option will show the details held in the XFF header, including the address and port.
|
|
Forwarded-For Address
|
This option will show the details held in the XFF header, including the address only.
|
Include Security Information
This menu consists of two options:
|
Value
|
Description
|
|
On
|
This setting is global. When set to on, the username will be appended to W3C log when any Virtual Service is using Authentication and has W3C logging enabled.
|
|
Off
|
This will turn off the ability to log the username to the W3C log on a global level.
|
Syslog Server
This section allows you to set the level of message logging performed to the SYSLOG server. The options available are as follows.
Remote Syslog Server
In this section, you can configure two external Syslog servers to send all system logs.
· Add the IP address of your Syslog server
· Add the Port
· Choose whether you wish to use TCP or UDP
· Tick the Enabled checkbox to begin logging
· Click Update
Remote Log Storage
All W3C logs are stored in compressed form onto the ADC every hour. The oldest files will be deleted when 30% of disk space is remaining. Should you wish to export these to a remote server for safekeeping, you can configure this using an SMB share. Please note that the W3C log will not transfer to the remote location until the file has been completed and compressed. As the logs are written every hour, this could take up to two hours in a Virtual Machine appliance and five hours for a hardware appliance.
We will include a test button in future releases to provide some feedback that your settings are correct.
|
Col1
|
Col2
|
|
Remote Log Storage
|
Tick the box to enable remote log storage
|
|
IP Address
|
Specify the IP address of your SMB server. This should be in dotted decimal notation. Example: 10.1.1.23
|
|
Share Name
|
Specify the share name on the SMB server. Example: w3c.
|
|
Directory
|
Specify the directory on the SMB server. Example: /log.
|
|
Username
|
Specify the username for the SMB share.
|
|
Password
|
Specify the password for the SMB share
|
Field Summary
|
Condition
|
Description
|
|
Date
|
Not localised = always YYYY-MM-DD (GMT/UTC)
|
|
Time
|
Not localised = HH:MM:SS or HH:MM:SS.ZZZ (GMT/UTC) * Note-unfortunately this has two formats (Site
|
|
|
has no .ZZZ milliseconds)
|
|
x-mil
|
Site format only = millisecond of time stamp
|
|
c-ip
|
Client IP as best can be derived from network or X-Forwarded-For header
|
|
c-port
|
Client port as best can be derived from network or X-Forwarded-For header
|
|
cs-username
|
Client’s user-name request field
|
|
s-ip
|
ALB’s listening port
|
|
s-port
|
ALB’s listening VIP
|
|
x-xff
|
Value of X-Forwarded-For header
|
|
x-xffcustom
|
Value of configured-named X-Forwarded-For type request header
|
|
cs-host
|
Host name in the request
|
|
x-r-ip
|
IP address of Real Server used
|
|
x-r-port
|
Port of Real Server used
|
|
cs-method
|
HTTP request method * except Brief format
|
|
method
|
* Only brief format uses this name for cs-method
|
|
cs-uri-stem
|
Path of the requested resource * except Brief format
|
|
cs-uri-query
|
Query for the requested resource * except Brief format
|
|
uri
|
* brief format logs a combined path and query-string
|
|
sc-status
|
HTTP response code
|
|
cs(User-Agent)
|
Browser’s User-Agent string (as sent by client)
|
|
referer
|
Referring page (as sent by client)
|
|
x-c-version
|
Client’s request HTTP version
|
|
x-r-version
|
Content-Server’s response HTTP version
|
|
cs-bytes
|
Bytes from client, in the request
|
|
sr-bytes
|
Bytes forwarded to Real Server, in the request
|
|
rs-bytes
|
Bytes from Real Server, in the response
|
|
sc-bytes
|
Bytes sent to client, in the response
|
|
x-percent
|
Compression percentage * = 100 * ( 1 – output / input) including headers
|
|
time-taken
|
How long the Real Server took in seconds
|
|
x-trip-times new
pcon
|
millisecond from connect to posting in “newbie list”
millisecond from connect to placing the connection to the Real Server
|
|
acon
|
millisecond from connect to finishing placing the connection to the Real Server
|
|
rcon
|
millisecond from connect to establishing real-server connection
|
|
rqf
|
millisecond from connect to receiving the first byte of request from the client
|
|
rql
|
millisecond from connect to receiving the last byte of request from the client
|
|
tqf
|
millisecond from connect to sending the first byte of request to the Real Server
|
|
tql
|
millisecond from connect to sending the last byte of request to the Real Server
|
|
rsf
|
millisecond from connect to receiving the first byte of response from the Real Server
|
|
rsl
|
millisecond from connect to receiving the last byte of response from the Real Server
|
|
tsf
|
millisecond from connect to sending the first byte of response to the client
|
|
tsl
|
millisecond from connect to sending the last byte of response to the client
|
|
dis
|
millisecond from connect to disconnect (both sides – last one to disconnect)
|
|
log
|
millisecond from connect to this log record usually followed by (Load-balance policy and reasoning)
|
|
x-round-trip-time
|
How long ALB took in seconds
|
|
x-closed-by
|
What action caused the connection to be closed (or kept open)
|
|
x-compress-action
|
How compression was carried out, or prevented
|
|
x-sc(Content-Type)
|
Content-Type of response
|
|
x-cache-action
|
How caching responded, or was prevented
|
|
x-finish
|
Trigger that caused this log row
|
Clear Log Files
This feature allows you to clear the log files from the ADC. You can select the type of log you wish to delete from the drop-down menu and then click the Clear button.