Cisco Application Velocity System User Guide (Software Version 5.0)
Logs
Download this chapter
LogsLogs
Download the complete book
Cisco AVS User Guide (Software Version 5.0) Book-Length PDFCisco AVS User Guide (Software Version 5.0) Book-Length PDF (PDF - 7 MB)
give_us_feedback

Table Of Contents

Logs

Log File Management

FgnStatLog

Error_log

Access_log

Configuring Extended access_log Formats

W3CExtended Example

IISW3CExtended Example

Postgres Database Logging

Management Console Logging


Logs

This appendix describes the logs generated by the application appliance servers, and related topics.

Log File Management

FgnStatLog

Error_log

Access_log

Configuring Extended access_log Formats

Postgres Database Logging

Management Console Logging

Besides the error_log file, the logs directory also contains SSL files that indicate any failures related to the SSL protocol.

Note If you have installed only a Cisco AVS 3120 Application Velocity System, the Management Console database and reporting features are not available and you will not see a Reports folder in the menu at the left side of the Management Console window. You must be running the Management Console on a Cisco AVS 3180 Management Station, which supports a database, in order to see the Report items in the Management Console. This note does not apply to users who have performed software upgrades to AVS 5.0 from older software products or on the Velocity Appliance.

Log File Management

The application appliance supports automatic log rotation and uploading of logs to the Management Console database.

For every request, the server writes a log entry to the FgnStatLog file, stored in the $AVS_HOME/perfnode/logs directory. The initial log file is named FgnStatLog.000. When this file fills to its maximum size (25 MB, by default), it is closed, and a new log file is created, FgnStatLog.001, and after that FgnStatLog.002, and so on, up to FgnStatLog.999. This allows you to save multiple log files, each 25 MB in size.

No more than ten of these FgnStatLog files can be saved, and typically, just the current file is saved. You can control the size of log files with the FgnStatLogFileSizeLimit configuration directive.

In addition to this auto-rotation feature, log data from the current FgnStatLog file is frequently uploaded to the Management Console database. Every 30 seconds the Management Console component requests the latest batch of log entries from the application appliance server (or servers, if there are more than one). It then parses the log data and stores it in the Management Console database. Each server knows what log entries have already been sent to the database, and at the next request it sends only the new entries since the last request.

Once an entire FgnStatLog file is filled and all entries have been sent to the database, the file is deleted. Up to ten FgnStatLog files can be saved on the AVS 3120 device until they need to be recycled, according to the FgnStatLogArchivingPolicy directive.

In addition to the FgnStatLog log, each server also produces error_log and optional access_log files. These are the standard log files produced by Apache Web servers.

For details on the configuration directives in the fgn.conf file that control logging, see Table 5-1.

For details on the format of data contained in the log files, refer to the following sections.

Note For users who have upgraded FineGround software-only products to AVS 5.0, the following directories are not pruned automatically and you are expected to prune them:

../jboss-3.0.1_tomcat-4.0.4/server/default/log/node_stat_log/archive

../jboss-3.0.1_tomcat-4.0.4/server/default/log/node_stat_log/collecter_inbox

../jboss-3.0.1_tomcat-4.0.4/server/default/log/node_stat_log/consumer_inbox

../jboss-3.0.1_tomcat-4.0.4/server/default/log/node_stat_log/consumer_working

Prune the first directory at 6.25 MB, and the others at 31.25 MB.

FgnStatLog

For each application appliance request, statistical log information is written to the FgnStatLog.nnn file, where nnn is a three digit number. This section describes the format of the log entries in this file.

Each entry in the FgnStatLog file is written in an XML-like syntax, where each element is opened with an angle-bracketed tag and closed with a similar tag, and can contain several fields, along with nested elements.

The following is the structure of a log record. Note that "\n" is the newline character. 

<TRN> instanceID trnNum recTime appClass totTime inSize outSize 

clientConNum ip repUser hostName port serverConNum protocol method url+params respCode {{DIRECT|DETAG} 
time|CACHE status} \n

<DBG> datetime procNum reqNum {inb=inSize} </DBG>\n

[<REQ> fastRedirect </REQ>\n]

<PSM> {param1=value&param2=value...} </PSM>\n

[{<DLO> bfSize inSize deltaSize [CACHE] </DLO>|<DLF> failures</DLF>}\n]

[<FCO> total eligible xformed refreshed </FCO>\n]

[<FCN> numOfObjects </FCN>\n]

[<CPO> method uncompSize compSize </CPO>\n]

[<CLO><CIP>clientIP</CIP></CLO>]

[<RGS> encodedString </RGS>\n]

[<CAF> cacheFailureReason </CAF>\n]

[<LRH> locationHeader </LRH>\n]

[<CLI> clientID {sessionID} </CLI>\n]

[<UUA> unSupportedUserAgent </UUA>\n]

[<XSLMRG> status </XSLMRG>\n]

[<MIT> mimeType </MIT>\n]

[<UAS> userAgentHeader </UAS>\n]

[<REF> referrerHeader</REF>\n]

[<VER> statusLogVersion </VER>\n]

[<PRF> perfID reqTime [{<PMC> appMode </PMC>|<PMR> contTime compTime</PMR>}] </PRF>\n]

</TRN>

The first two lines, <TRN>... and <DBG>..., and the last line, </TRN>, are mandatory for every record. All others are optional and will appear based on the applicable policies.

Here is a sample record that has most of the tags described above. 

<TRN> ooqj0hxohrnt3lf3ye33kbyqdb 549 1044581243 WellKnownCondense

171 74098 14116 5 10.0.2.19 1 www.yahoo.com 8080 191 HTTP GET

http://www.yahoo.com/ycn/r.asp 200 DIRECT 161

<DBG> [Thu Aug 6 17:27:23 2004] (20485) {549} {inb=15264} </DBG>

<DLO> 76983 74098 13807 </DLO>

<FCO> 3 0 0 0  </FCO>

<CPO> gzip 74098 14116 </CPO>

<CLO><CIP> 10.0.2.13 </CIP></CLO>

<PRF> ooqj0hxohrnt3lf3ye33kbyqdb549 1044581243124 <PMC> 1 </PMC> </PRF>

<APS> <AST> 0 </AST> <ASC> Root </ASC> <ASP> script </ASP> <ASL> 1 </ASL> </APS>

</TRN>

Each entry contains several elements, described in Table A-1.

Table A-1 FgnStatLog Log Entry Elements 

Data Element
Description

<TRN> line

This line includes basic information about the transaction.

instanceID

Instance id of the application appliance instance that handled the URL request. This is a hash of the process id and the process start time.

trnNum

Transaction request number.

recTime

Timestamp when the request was received (the number of seconds since 00:00 January 1, 1970).

appClass

Application class that handled the request.

totTime

Elapsed time from the arrival of the request until the response is sent back, in milliseconds.

inSize

Size of the response obtained from origin server, in bytes. Undefined if the request is for a base file, as there is no trip to the origin server in that case.

outSize

Size of the final response sent to the client, in bytes.

clientConNum

Number of the connection that the application appliance child process opened to serve the client request. The number starts with 0 and increments by 1 as each new connection opens to serve requests.

ip

IP address of the client requesting the web page. This may not be the actual client IP address. See the <CLO> line, below, for more information.

repUser

Boolean flag. 1 indicates a repeat client visit; 0 indicates a new client.

hostName

The domain name portion of the request URL.

port

Server port number that the application appliance uses for connecting to the client.

serverConNum

Number of the connection that the application appliance child process opened to make a request to the origin server. The number starts with 0 and increments by 1 as each new connection to the origin server is opened.

protocol

The protocol used for the request; either HTTP or HTTPS.

method

The HTTP method used for the request; either GET or POST.

url+params

The URL requested by the client, including all query parameters.

respCode

The HTTP response code obtained from the origin server.

DIRECT | DETAG

Either DIRECT or DETAG appears in this field. DIRECT means that the request was for an uncacheable object and it was fetched from the origin server. DETAG means that the request contains a dynamic ETag header and Just-In-Time Object Acceleration was applied.

time

Elapsed time the origin server took to respond, in milliseconds.

CACHE status

A value that indicates the content origin. See Table A-2 for an explanation of the possible values for the status field.

<DBG> line

This line contains additional request information useful for debugging.

datetime

Date and time that the request was made, in human-readable form.

procNum

Operating system process number associated with this request.

reqNum

Request number.

inSize

Size of the response that was received from the origin server, in bytes.

<REQ> line

This line is included only if the FastRedirect OptimizationPolicy keyword is active (see the "OptimizationPolicy Element" section).

fastRedirect

Contains one of the following strings:

Fast Redirect Container: Indicates that this request is for a container page for which FastRedirect is applied.

Fast Redirect Target: Indicates that this request is for the redirected URL that is the result of the redirection.

<PSM> line

This line contains information about query parameters.

query parameter string

The query parameter string.

<DLO> | <DLF> line

This line is included only if delta optimization is enabled. If delta optimization succeeded, then the <DLO> tag appears; if it failed, then the <DLF> tag appears.

bfSize

Size of the base file as obtained from the application appliance, in bytes, in the case of a condensable response or base file response; otherwise undefined.

inSize

Size of the content before delta optimization, in bytes. Undefined if the request is for a base file.

deltaSize

Size of the delta response, in bytes, in the case of a condensed response; otherwise undefined.

CACHE

Indicates that dynamic caching was applied to the request.

failures

A value consisting of 16 Boolean flags, indicating the reason for delta optimization failing on a response. See Table A-3 for an explanation of the bit fields in this value.

<FCO> line

This line contains FlashForward information for pages that are FlashForward containers.

total

The number of embedded objects contained in a FlashForward container page.

eligible

The number of embedded objects contained in a FlashForward container page that were eligible for FlashForwarding by the application appliance OptimizationPolicy settings.

xformed

The number of embedded objects contained in a FlashForward container page that were actually FlashForwarded.

refreshed

The number of embedded objects contained in a FlashForward container page that had to be refreshed from the origin server.

<FCN> line

This line contains the number of objects that were FlashConnected.

<CPO> line

This line contains compression information for pages that are compressed.

method

Compression type; either gzip or deflate.

uncompSize

Size of the uncompressed response, in bytes.

compSize

Size of the compressed response, in bytes.

<CLO> line

This line contains information resulting from custom log options.

<CIP> entry

The true client IP address. If the IP address returned by the LogClientView element is invalid (see the "Client View Logging Configuration" section), the string "invalid" appears in this entry.

<RGS> line

This line contains an encoded string that is made based on the specified RequestGroupingString definition in fgn.conf.

<CAF> line

This line provides reason codes for not caching a given response. See Table A-4 for an explanation of the bit fields in this value.

<LRH> line

This is the Location header from the 302 redirect response from the application appliance to the client.

<CLI> line

This line records a unique identifier for a given client.

clientID

The unique id for a client recorded by dropping a cookie that does not expire for 2 years.

sessionID

The unique session id for a client recorded by dropping a session cookie.

<UUA> line

When the application appliance encounters a user agent that is not on the list of supported user agents (see the "useragent.conf" section) for delta optimization, this item is set to 1. Also see the UAS line, below.

<XSLMRG> line

This line provides XSLMerge status flags. See Table A-5 for an explanation of the bit fields in this value.

<MIT> line

The MIME type of the response from the origin server.

<UAS> line

The User-Agent header from the client that is making the request.

<REF> line

The Referer header from the client that is making the request.

<VER> line

The version of the status log (fgnstatlog).

<PRF> line

Contains performance monitoring information, if this request was selected for measurement.

perfID

Unique id of the request.

reqTime

Timestamp when the request was made.

<PMC> entry

This entry appears only if the page triggered performance monitoring; that is, it is the container page.

appMode

AppScope mode:

0 indicates unknown mode.

1 indicates an accelerated (optimized) measured request.

2 indicates a pass-through (unoptimized) measured request.

3 indicates a request that was not measured by AppScope.

<PMR> entry

This entry appears when the performance measurement is finished for the page.

contTime

Reserved for internal use.

compTime

Reserved for internal use.

<APS> line

This line contains AppScreen information.

<AST> entry

Elapsed time (in milliseconds) that was required for AppScreen to analyze the request and perform the specified actions.

<ASC> entry

AppScreen Class for the match.

<ASP> entry

AppScreen policy that was matched.

<ASL> entry

AppScreen severity level for this policy.


Table A-2 describes the possible values for the CACHE status field from Table A-1.

Table A-2 CACHE Status Values

Value
Description

CACHE_HIT

The object came from the application appliance cache

CACHE_MISS

The object was not in the cache and came from the origin server

CACHE_REFRESH_HIT

An expired copy of the requested object was in the cache. The application appliance made an If-Modified-Since request and the response was "NOT Modified."

CACHE_REFRESH_MISS

An expired copy of the requested object was in the cache. The application appliance made an If-Modified-Since request and received a new, different object.

CACHE_CLIENT_REFRESH

The client issued a request with the "no-cache" pragma. (Note that a "reload" is handled as a CACHE_MISS.)

CACHE_IMS_HIT

An If-Modified-Since GET request was received from the client. A valid copy of the object was in the cache (fresh).

CACHE_IMS_MISS

An If-Modified-Since GET request was received from the client. The requested object was not in the cache (stale).

CACHE_FF_IMS

An If-Modified-Since GET request was received for a FlashForward locked embedded object

FORWARD_CACHE_HIT

The object came from the Condenser cache as a result of CacheForward processing. For more information, see the CacheForward OptimizationPolicy keyword in Table 5-3.


Table A-3 describes the bit fields in the failures flag byte from Table A-1.

Table A-3 Delta Optimization Failure Bit Flags 

Byte value
Description

1000000000000000 (1st)

The URL cannot be condensed because of a policy preventing it, such as a gif image

0100000000000000 (2nd)

The request is for a base file so there is no condensation by definition

0010000000000000 (3rd)

The MIME type of the response sent by the origin server cannot be condensed because it is excluded by the mimetypes.conf configuration file

0001000000000000 (4th)

The client user agent string is not listed in the useragent.conf configuration file

0000100000000000 (5th)

The base file has been frozen for rebasing and so cannot be used to generate a delta response

0000010000000000 (6th)

The response from the origin server is either too big (>250000 bytes) or too small (<1024 bytes) for condensation. Note that the minimum and maximum sizes are configurable.

0000001000000000 (7th)

The generated delta response size exceeds the permissible percentage of the original response for condensation. Rebasing is triggered.

0000000100000000 (8th)

The response from the origin server contains characters, tags, or encodings that cannot be condensed

0000000010000000 (9th)

The page is not condensed because of a cookie drop

0000000001000000 (10th)

The content is cacheable

0000000000100000 (11th)

The client disabled JavaScript support

0000000000010000 (12th)

The base file is rebasing too fast

0000000000001110

The 13th through the 15th bit flags are reserved for future use

0000000000000001 (16th)

One of the following occurred: base file deletion, base file creation failed, rebasing failed, on-going anonymization process


Table A-4 describes the bit fields in the CAF value from Table A-1.

Table A-4 Cache Failure Bit Flags

Byte value
Description

1000000000000000 (1st)

Not cacheable due to request method

0100000000000000 (2nd)

Not cacheable due to request headers

0010000000000000 (3rd)

Not cacheable due to response headers

0001000000000000 (4th)

Container has already expired, hence not cacheable

0000100000000000 (5th)

Container not cacheable. Cacheability validators do not exist, or this is a 401 response.

0000010000000000 (6th)

Not cacheable by policy

0000001000000000 (7th)

Negatively cached resulting in a pass-through request

0000000100000000 (8th)

Pass-through request as determined by AppScope

0000000010000000 (9th)

Unable to read from cache. Switch to pass-through mode.

0000000001000000 (10th)

Response is outside cacheable bounds

0000000000100000 (11th)

Response is already stale

0000000000011111

The 12th through the 16th bit flags are reserved for future use


Table A-5 describes the bit fields in the XSLMRG line from Table A-1.

Table A-5 XSLMerge Status Bit Flags 

Byte value
Description

0000000000000000

XSL Merge not applied

1000000000000000

XSL Merge applied due to policy, with no errors

1100000000000000

XSL Merge failed, content not XML; doing pass-through

1010000000000000

XSL Merge failed, no XSL provided

1001000000000000

XSL Merge failed, XSL source fetch failed

1000100000000000

XSL Merge failed, XML transformation failed

1000010000000000

XSL Merge failed, CSS error

1000000000000001

XSL Merge failed, general XSL merge error


Error_log

The error_log file logs errors encountered by the application appliance node. Log entries are similar to those generated by the standard Apache Web server.

The error_log file is generated by syslog, which sends its output to local0 by default. The default location for error_log is in the $AVS_HOME/perfnode/logs directory. You can configure syslog to send the error_log output to a remote server by using the CLI command set log-server remote. For more details, see "Command Line Interface."

Access_log

The default configuration does not include generating an access_log file because the FgnStatLog file includes the same information and there is very limited storage space available on the AVS 3120 device. However, you can use the CustomLog and FgnLogFormat directives to create an access_log file. Simply comment out these directives in the httpd.conf to generate a default access_log that logs all accesses to the application appliance node. By default, the format is the same as the standard Apache access_log file. Other extended formats can be specified, however; for details, see the "Configuring Extended access_log Formats" section.

Note If you choose to generate an access_log, you must manage the size of the log so that it does not grow too large and leaves enough storage space for other critical files and logs.

Here's an example default entry: 

208.177.157.164 - - [15/Aug/2004:10:59:38 -0800] "GET http://www.mysite.com/ HTTP/1.1" 200 - "-" 

"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

Each entry contains nine elements. Table A-6 describes the elements.

Table A-6 access_log Entry Elements

Example Data Element
Description

208.177.157.164

IP address of the client requesting the web page

-

Identity of the client; typically blank for modern browsers, which hide this information

-

User name with which the client was authenticated; typically always blank unless authentication is required to access the page

[15/Aug/2004:10:59:38 -0800]

Time the request was made

"GET http://www.mysite.com/ HTTP/1.1"

The HTTP request made by the client. Typically in the form of method (GET in this example), resource (the URL requested), and protocol (HTTP/1.1 in this example).

200

Status code for the request. 200 means it was successfully handled.

-

Number of bytes transferred to the client in response to this request

"-"

The URL of the referrer; that is, the URL of the page (or element within the page) from which the request URL was obtained

"Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

User agent identifier of the client making the request


Configuring Extended access_log Formats

Two extended log format options are available for formatting an optional access_log:

W3C Extended log format as specified in http://www.w3.org/TR/WD-logfile

Microsoft Internet Information Services (IIS) web server style W3C Extended log file format

The FgnLogFormat directive, specified in the httpd.conf file, is used to define the format of an extended access_log. The CustomLog directive activates a previously defined access_log format. The use of one or both of these directives enables the use of extended access_log formats.

The FgnLogFormat directive syntax is as follows: 

FgnLogFormat alias fgn-class-name "format-field-list"

The parameters are defined in Table A-7.

Table A-7 FgnLogFormat Parameters

Parameter
Description

alias

A string of alphanumeric characters identifying this log format for later use in a CustomLog directive. Spaces are not allowed in the string. Optional.

fgn-class-name

Specify either W3CExtended or IISW3CExtended. This selects the type of log format, either W3C Extended log format or Microsoft Internet Information Services (IIS) web server style W3C Extended log format, respectively.

format-field-list

A string of keywords separated by spaces. These keywords identify the fields and the order in which they should appear in each log entry. Valid field names differ depending on the fgn-class-name value, and are listed in Table A-9.


The FgnLogFormat directive selects an access_log format and defines an explicit list of fields to include in each log entry. Optionally, it associates an alias to the format definition.

If an alias is not specified, the FgnLogFormat directive defines and activates the log format. If an alias is specified, then the FgnLogFormat directive simply defines a format but does not make it active. In this case, use a CustomLog directive to activate a previously defined format, as follows: 

CustomLog "log-location" alias

The parameters are defined in Table A-8.

Table A-8 CustomLog Parameters

Parameter
Description

log-location

A pathname indicating where the access_log file is to be stored.

alias

An alias string identifying a log format previously defined in an FgnLogFormat directive.


Table A-9 FgnLogFormat Field Names

W3CExtended
IISW3CExtended

time

date

time-taken

bytes

cached

c-ip

s-ip

cs-method

cs-uri-query

sc-status

cs-uri

cs-uri-stem

cs-uri-query

cs-host

cs(HeaderIn) - HeaderIn specifies any header line(s) in the request sent from the client to the server. For example: cs(User-Agent)

sc(HeaderOut) - HeaderOut logs the header line(s) in the response sent from the server to the client

date

time

c-ip

cs-username

s-ip

s-port

cs-method

cs-uri-stem

cs-uri-query

sc-status

sc-bytes

time-taken

cs-version

cs-host

cs(User-Agent)

cs(Cookie)

cs(Referer)


For the description of the format fields, refer to "Extended Log File Format" located at http://www.w3.org/TR/WD-logfile.

The following two examples show how to use the FgnLogFormat and CustomLog directives to specify each of the two classes of extended access_log formats.

W3CExtended Example

IISW3CExtended Example

W3CExtended Example

The following example uses the W3CExtended log format for logging to the file access.log. 

# Example httpd.conf entry

# Note: FGNLogFormat directive should be on a single line

#

FGNLogFormat xyzlog W3CExtended "time date time-taken bytes 

cached c-ip s-ip cs-method cs-uri-query sc-status cs-uri 

cs-uri-stem cs-uri-query cs(User-Agent) cs(Referer) cs(Cookie)"

CustomLog $AVS_HOME/perfnode/logs/access.log xyzlog

The following is a sample generated access.log file from this directive. Table A-10 explains a log entry. 

#Software: FineGround Condenser 9.0.0-12 (Linux)

#Remark: Begin meta data generated by FineGround Networks Condenser(TM)

#Version: 1.0

#Date: 2004-10-29 23:02:12

#Fields: time date time-taken bytes cached c-ip s-ip cs-method 

cs-uri-query sc-status cs-uri cs-uri-stem cs-uri-query cs(User-Agent)cs(Referer)cs(Cookie)

#Remark: End meta data generated by FineGround Networks Condenser(TM)

23:02:24 2004-10-29 1 1623 - 10.0.3.23 10.0.0.118 GET - 200 

http://www.google.com/ / - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" -

"FGNCDN=4.1-b1f406b8-0720-47a2-8216-780b865b9e85;

PREF=ID=23e2a23c4bd1e6dc:TM=1040167384:LM=1040167384:S=spiWT1j3i9dsA7QR"

Table A-10 W3CExtended Format Log Entry 

Example Data Element
Description

23:02:24

Time (in GMT) at which the transaction completed (time)

2004-10-29

Date (in GMT) on which the transaction completed (date)

1

Time taken for the transaction to complete in seconds (time-taken)

1623

Bytes transferred from the server to the client (bytes)

-

Records whether a cache hit occurred. Typically this information is not available and hence is always blank. (cached)

10.0.3.23

IP address of the client requesting the web page (c-ip)

10.0.0.118

IP address of the application appliance server (s-ip)

GET

The action the client was trying to perform, in this example, a GET command (cs-method)

-

Query portion alone of URI. Blank in this example (cs-uri-query)

200

Status code for the request. 200 means it was successfully handled (sc-status)

http://www.google.com/

The client requested URI (cs-uri)

/

Stem portion alone of URI, omitting query (cs-uri-stem)

-

Query portion alone of URI. Blank in this example (cs-uri-query)

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

User agent identifier of the client making the request ( cs(User-Agent) )

-

The site that directed the user to the current site. Blank in this example ( cs(Referer) )

"FGNCDN=4.1-b1f406b8-0720-47a2-8216-780b865b9e85;PREF=ID=23e2a23c4bd1e6dc: TM=1040167384:LM=1040167 384:S=spiWT1j3i9dsA7QR"

The content of the cookie sent or received, if any ( cs(Cookie) )


IISW3CExtended Example

The following example uses the IISW3CExtended log format for logging to the file access.log. 

# Example httpd.conf entry

# Note: FGNLogFormat directive should be on a single line

#

FGNLogFormat xyzlog IISW3CExtended "date time c-ip cs-username 

s-port cs-method cs-uri-stem cs-uri-query sc-status cs-version cs(User-Agent) cs(Cookie) cs(Referer)"

CustomLog $AVS_HOME/perfnode/logs/access.log xyzlog

The following is a sample generated access.log file, from this directive. Table A-11 explains a log entry. 

#Software: FineGround Condenser 9.0.0-12 (Linux)

#Remark: Begin meta data generated by FineGround Networks Condenser(TM)

#Version: 1.0

#Date: 2004-10-05 19:20:48

#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem 

cs-uri-query sc-status cs-version cs(User-Agent) cs(Cookie) cs(Referer)

#Remark: End meta data generated by FineGround Networks Condenser(TM)

2004-10-05 19:21:44 10.0.3.23 - 8080 GET / - 200 HTTP/1.1

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)

FGNCDN=4.1-b1f406b8-0720-47a2-8216-780b865b9e85;+PREF=ID=23e2a23c4bd1e6dc:TM=1040167384:LM=1040167384:S=spiWT
1j3i9dsA7QR

-

Table A-11 IISW3CExtended Format Log Entry 

Example Data Element
Description

2004-10-05

Date (in GMT) at which the transaction completed (date)

19:21:44

Time (in GMT) at which the transaction completed (time)

10.0.3.23

IP address of the client requesting the web page (c-ip)

-

User name with which the client was authenticated; typically always blank unless authentication is required to access the page (cs-username)

8080

Port at which the application appliance server is listening (s-port)

GET

The action the client was trying to perform, in this example, a GET command (cs-method)

/

Stem portion alone of URI, omitting query (cs-uri-stem)

-

Query portion alone of URI. Blank in this example (cs-uri-query)

200

Status code for the request. 200 means it was successfully handled (sc-status)

HTTP/1.1

The protocol /version used by the client (cs-version)

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0)

User agent identifier of the client making the request ( cs(User-Agent) )

FGNCDN=4.1-b1f406b8-0720-47a2-8216-780b865b9e85;+PREF=ID= 23e2a23c4bd1e6dc: TM=1040167384:LM=104016 7384:S=spiWT1j3i9dsA7QR

The content of the cookie sent or received, if any ( cs(Cookie) )

-

The site that directed the user to the current site. Blank in this example ( cs(Referer) )


Postgres Database Logging

Postgres database errors are logged to the postgres_log, which is stored at $AVS_HOME/console/postgres/log/postgres.log. If a remote log server is not configured, then three rotated log files (postgres.log.1, postgres.log.2, and postgres.log.3) of 100 KB each are stored. If a remote log server is configured, then the log files are transferred to the remote server. Use the CLI command set log-server to configure a remote log server.

There are two postgres logging parameters that you might want to change to configure postgres logging:

server_min_messages: This sets the types of errors reported to the log.

log_timestamp: Adds timestamp prefixes to each line in the log.

To change these parameters, edit the postgres configuration file here:
$AVS_HOME/console/postgres/Database/postgresql.conf

The server_min_messages value is set as follows: 

server_min_messages = fatal

This parameter sets the minimum level of logging and means that only the specified level of errors and those higher are reported to the log. The available log levels include these (ordered from highest to lowest levels):

panic: Reports why all backend sessions restarted.

fatal: Reports why a backend session terminated.

log: Reports information of interest to administrators, for example, checkpoint activity.

error: Reports errors that caused a transaction to abort.

warning: Provides warnings to the user, for example, COMMIT outside a transaction.

notice: Provides information that may be helpful to users, for example, truncation of long identifiers and index creation as part of primary keys.

The log_timestamp value is set as follows: 

log_timestamp = true

This causes each log entry to be prefixed by a timestamp. You can set this to false to disable this feature.

Management Console Logging

Management Console log files are stored in the directory $AVS_HOME/console/jboss-3.0.1_tomcat-4.0.4/server/default/log