-
Cisco ACNS Software Caching Configuration Guide, Release 4.1
-
Title Page
-
Preface
-
Chapter 1: Cisco Cache Application Product Overview
-
Chapter 2: Cisco Cache Application Basic Configuration
-
Chapter 3: Cisco Application and Content Networking Software Cache Application Features
-
Chapter 4: Configuring Transparent Caching
-
Chapter 5: Configuring Proxy Style Caching
-
Chapter 6: Configuring Cache Parameter Settings
-
Chapter 7: Configuring a Primary Proxy Server
-
Chapter 8: Configuring URL Filtering
-
Chapter 9: Configuring Transaction Logging
-
Chapter 10: Configuring Authentication
-
Chapter 11: Configuring Network Management
-
Chapter 12: Configuring TCP Stack Parameters
-
Chapter 13: Configuring Windows Media Technologies 7.01 Streaming Media Caching
-
Chapter 14: Configuring RealProxy 8.01 Streaming Media Caching
-
Chapter 15: Configuring the Rules Template
-
Chapter 16: Miscellaneous Features
-
Appendix A: Web Cache Communication Protocol Version 1
-
Appendix B: Web Cache Communication Protocol Version 2
-
Index
-
Configuring Transaction Logging
Overview
Transaction logs allow administrators to view the traffic that has passed through the Content Engine. Typical fields in the transaction log are the date and time when a request was made, the URL that was requested, whether it was a cache-hit or a cache-miss, the type of request, the number of bytes transferred, and the source IP.
High-performance caching presents additional challenges other than how to quickly retrieve objects from storage, memory, or the web. Administrators of caches are often interested in what requests have been made of the cache and what the results of these requests were. This information is then used for such applications as:
- Problem identification and solving
- Load monitoring
- Billing
- Statistical analysis
- Security problems
- Cost analysis and provisioning
In ACNS 4.1 software, the user can choose between Squid, Extended Squid, and Apache log formats.
Squid-Style Transaction Logging
The Squid-style log format is the default format for transaction logging in the Content Engine. The Squid log file format used is the native log file format associated with the Squid-1.1 access.log file format. For details on the Squid-1.1 native log file format, refer to the Squid documentation "Frequently Asked Questions," section 6.6, access.log heading at the following URL: http://www.squid-cache.org/doc/FAQ/FAQ.html
The Squid log file format is:
time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type
A Squid log format example looks like this:
1012429341.115 100 172.16.100.152 TCP_REFRESH_MISS/304 1100 GET http://www.cisco.com/images/homepage/news.gif - DIRECT/www.cisco.com -
Squid logs are a valuable source of information about cache workloads and performance. The logs record not only access information but also system configuration errors and resource consumption, such as memory and disk space.
This example enables transaction logging in Squid-style format.
ContentEngine(config)# transaction-logs format squid ContentEngine(config)#
Table 9-1 lists the fields associated with the Squid-style format.
 |
Note Many public tools are available that can convert a Squid-style transaction log into reports. Visit the following website, http://www.squid-cache.org/Scripts for listings of such tools. |
Table 9-1: Squid-Style Format Description
| Field | Description |
|---|---|
|
Time |
UNIX time stamp as Coordinated Universal Time (UTC) seconds with a millisecond resolution. |
|
Elapsed |
Length of time in milliseconds that the cache was busy with the transaction. Note Entries are logged after the reply has been sent, not during the lifetime of the transaction. |
|
Remote Host |
IP address of the requesting instance. |
|
Code/Status |
Two entries separated by a slash. The first entry contains information on the result of the transaction: the kind of request, how it was satisfied, or in what way it failed. The second entry contains the HTTP result codes. |
|
Bytes |
Amount of data delivered to the client. This does not constitute the net object size, because headers are also counted. Also, failed requests may deliver an error page, the size of which is also logged here. |
|
Method |
Request method to obtain an object for example, GET. |
|
URL |
URL requested. |
|
Rfc931 |
Contains the authentication server's identification or lookup names of the requesting client. This field will always be a "-" (dash). |
|
Peerstatus/Peerhost |
Two entries separated by a slash. The first entry represents a code that explains how the request was handled, for example, by forwarding it to a peer, or returning the request to the source. The second entry contains the name of the host from which the object was requested. This host may be the origin site, a parent, or any other peer. Also note that the host name may be numerical. |
|
Type |
Content type of the object as seen in the HTTP reply header. In the ACNS 4.1 software, this field will always contain a "-" (dash). |
Extended Squid-Style Transaction Logging
The Extended Squid format logs the associated username for each record in the log file in addition to the fields logged by the Squid-style format, and is used for billing purposes. In this format the Rfc931 field associated with the Squid format (Table 9-1) is used to log the authorized user. This field always contains a "-" (dash) if no user information is available.
An Extended Squid-style log format example looks like this:
1012429341.115 100 172.16.100.152 TCP_MISS/302 184 GET http://www.cisco.com myloginname DIRECT/www.cisco.com -
Use the transaction-logs format extended-squid command to enable transaction logging in Extended Squid format.
This example shows how to enable transaction logging in Extended Squid format.
ContentEngine(config)# transaction-logs format extended-squid ContentEngine(config)#
Apache-Style Transaction Logging
This format is the Common Log File (CLF) format defined by the World Wide Web Consortium (W3C) working group. This format is compatible with many industry-standard log tools. For more information, see the W3C Common Log Format website at http://www.w3.org/Daemon/User/Config/Logging.html .
The Apache-style log file format is:
remotehost rfc931 authuser date request status bytes
An Apache-style log file format example looks like this:
172.16.100.152 - - [Wed Jan 30 15:26:26 2002] "GET/http://www.cisco.com/images/homepage/support.gif HTTP/1.0" 200 632
Table 9-2 lists the fields associated with the Apache CLF format.
Table 9-2: Apache Common Log File Format Descriptions
| Field | Description |
|---|---|
|
Remotehost |
Remote host name or IP address. |
|
Rfc931 |
Contains the authentication server's identification or lookup names of the requesting client. This field will always contain a "-" (dash). |
|
Authuser |
Username that the user logged in for authentication purposes. This will be a "-" (dash) if no user information is available. |
|
Date |
Date and time of request. |
|
Request |
The first line of the request. |
|
Status |
The HTTP status code. Example: 200. |
|
Bytes |
The content-length of the document transferred. |
This example shows how to enable transaction logging in Apache style format.
ContentEngine(config)# transaction-logs format apache ContentEngine(config)#
Sanitized Transaction Logs
Use the transaction-logs sanitized command to disguise the IP address and usernames of clients in the transaction log file. The default is not sanitized. A sanitized transaction log disguises the network identity of a client by changing the IP address in the transaction logs to 0.0.0.0. The no form disables the sanitize feature.
This examples shows how to enable the sanitize feature in transaction logging.
ContentEngine(config)# transaction-logs sanitize ContentEngine(config)#
Exporting Log Files
In order to facilitate the postprocessing of cache logfiles, it is possible to export transaction logs to an external host.
This feature allows for log files to be automatically exported by FTP to an external host at configurable intervals. The username and password used for FTP are configurable, as is the directory to which the log files are uploaded.
The log files automatically have a filename of:
<type>_<ipaddr>_yyyymmdd_hhmmss.txt
where
- <type> represents the type of log file with celog for cache logs such as HTTP, HTTPS, and FTP, and mms_export for Windows Media Technology (WMT) logs
- <ipaddr> represents the Content Engine IP address
- yyyymmdd_hhmmss represents the date and time when the log was archived for export
|
Note For MMS type logs there is no .txt extension in the filename. |
Exporting Transaction Logs to External FTP Servers
To export transaction logs to an FTP server, you must first enable the feature and then configure the FTP server parameters. Use the transaction-logs export enable command to enable exporting of transaction logs to external FTP servers. You can then use the transaction-logs export ftp-server option to enter FTP server parameters. This option can support up to four FTP servers. The following information is required for each target FTP server:
- Server IP address or the host name
- The Content Engine translates the host name with a DNS lookup and then stores the IP address in the configuration.
- FTP user login and user password
- Path of the directory where transferred files are written
- Use a fully qualified path or a relative path for the user login. The user must have write permission to the directory.
Use the transaction-logs archive compress command to compress archived log files into gzip format prior to exporting them to external FTP servers. The compressed filename has a .gz extension in the filename. This feature uses less disk space for the archived files on both the Content Engine and the FTP export server and also requires less bandwidth during export.
In this example, two FTP servers are configured.
ContentEngine(config)#transaction-logs export ftp-server 10.1.1.1 mylogin mypasswd /ftpdirectoryContentEngine(config)#transaction-logs export ftp-server myhostname mylogin mypasswd /ftpdirectory
To delete an FTP server, use the no form of the command.
ContentEngine(config)#no transaction-logs export ftp-server 10.1.1.1ContentEngine(config)#no transaction-logs export ftp-server myhostname
Use the no form of the transaction-logs export enable command to disable the entire transaction log export feature while retaining the rest of the configuration.
ContentEngine(config)# no transaction-logs export enable
To change a username, password, or directory, reenter the entire line.
ContentEngine(config)# transaction-logs export ftp-server 10.1.1.1 mynewname mynewpass
/newftpdirectory
The show transaction-logging command displays information on the configuration of transaction logging in the Content Engine. Note that transaction log file information is displayed for HTTP and WMT Microsoft Media Server (MMS) caching proxy transactions.
ContentEngine#show transaction-loggingTransaction log configuration:---------------------------------------Logging is enabled.Logging of ecdn internal communication is disabled.End user identity is hidden. (sanitized)File markers are disabled.Archive interval: every-day every hour.Maximum size of archive file: 2000000 KBLog File format is extended-squid.Exporting files to ftp servers is enabled.File compression is disabled.Export interval: every-day at 11:45 local timeftp-server username directory10.1.1.1 mylogin /ftpdirectory10.2.2.2 mylogin /ftpdirectoryHTTP Caching Proxy Transaction Log File InfoWorking Log file - size : 83age: 502845Archive Log file - celog_10.1.1.21_20020107_150300.txt size: 1075Archive Log file - celog_10.1.1.21_20020117_150300.txt size: 1199746Archive Log file - celog_10.1.1.21_20020118_000000.txt size: 137583Archive Log file - celog_10.1.1.21_20020118_150300.txt size: 12667Archive Log file - celog_10.1.1.21_20020123_150300.txt size: 298WMT MMS Caching Proxy/Server Transaction Log File InfoWorking Log file - size : 541age: 54117Archive Log file - mms_export_10.1.1.21_20020107_225942 size: 541Archive Log file - mms_export_10.1.1.21_20020107_232156 size: 938Archive Log file - mms_export_10.1.1.21_20020117_193239 size: 541Archive Log file - mms_export_10.1.1.21_20020122_224556 size: 1993Archive Log file - mms_export_10.1.1.21_20020124_150334 size: 541Archive Log file - mms_export_10.1.1.21_20020131_025505 size: 541ContentEngine#
|
Note For security reasons, passwords are never displayed. |
Restarting Export After Receiving a Permanent Error from the External FTP Server
When an FTP server returns a permanent error to the Content Engine, the archive transaction logs are no longer exported to that server. You must reenter the Content Engine transaction log export parameters for the misconfigured server to clear the error condition. The show statistics transaction-logs command displays the current state of transaction log export readiness.
A permanent error (Permanent Negative Completion Reply, RFC 959) occurs when the FTP command to the server cannot be accepted, and the action does not take place. Permanent errors can be caused by invalid user logins, invalid user passwords, and attempts to access directories with insufficient permissions or directories that do not exist.
In the following example, an invalid user login parameter was included in the transaction-logs export ftp-server command. The show statistics transaction-logs command shows that the Content Engine failed to export archive files.
ContentEngine# show statistics transaction-logs
Transaction Log Export Statistics:
Server:172.16.10.5
Initial Attempts:1
Initial Successes:0
Initial Open Failures:0
Initial Put Failures:0
Retry Attempts:0
Retry Successes:0
Retry Open Failures:0
Retry Put Failures:0
Authentication Failures:1
Invalid Server Directory Failures:0
To restart the export of archive transaction logs, you must reenter the transaction-logs export ftp-server parameters.
ContentEngine(config)# transaction-logs export ftp-server 172.16.10.5 goodlogin pass
/ftpdirectory