System Logging
The System — Logging
page allows you to set the W3C logging levels and specify
the remote server export the logs automatically.
The page is organised into the four sections below.
W3C Logging Details
Enabling W3C logging mode will start jetNEXUS ALB-X recording a W3C
compatible log file. A W3C log is an access
log for Web servers in which text files are generated containing data
about each access request, including the source Internet Protocol (IP)
address, the HTTP version, the browser type, the
referrer page, and the time stamp. The format was developed by the
World
Wide Web Consortium (W3C),
an organization that promotes standards for the evolution of the Web.
The file is in ASCII text, with space-delimited columns. The
file holds comment lines beginning with the # character. One
of these comment lines is a line naming field (providing column names)
so that data can be mined.
There are separate files for HTTP and FTP protocols.
HTTP W3C Logging:
Brief:
#Fields: time c-ip c-port
s-ip method uri
x-c-version x-r-version sc-status cs-bytes sr-bytes rs-bytes sc-bytes
x-percent time-taken x-round-trip-time cs(User-Agent)
x-sc(Content-Type).
Full:
This is a more processor-compatible format with separate date
and time fields. See the fields summary below for information
on what the fields mean. The fields present are:
#Fields: date time c-ip c-port cs-username s-ip s-port
cs-method
cs-uri-stem cs-uri-query sc-status cs(User-Agent) referer x-c-version
x-r-version cs-bytes sr-bytes rs-bytes sc-bytes x-percent time-taken
x-round-trip-time x-sc(Content-Type).
Site:
This format is very similar to “Full” but has an additional
field.
See the fields summary below for information on what the fields mean.
The fields present are:
#Fields: date time x-mil c-ip c-port cs-username s-ip s-port
cs-host cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
referer x-c-version x-r-version cs-bytes sr-bytes rs-bytes sc-bytes
x-percent time-taken x-round-trip-time x-sc(Content-Type).
Diagnostic:
This format is filled with all sorts of information relevant
to development and support staff. See the fields summary below for
information on what the fields mean. The fields present are:
#Fields: date time c-ip c-port cs-username s-ip s-port x-xff
x-xffcustom cs-host x-r-ip x-r-port cs-method cs-uri-stem cs-uri-query
sc-status cs(User-Agent) referer x-c-version x-r-version cs-bytes
sr-bytes rs-bytes sc-bytes x-percent time-taken x-round-trip-time
x-trip-times(new,rcon,rqf,rql,tqf,tql,rsf,rsl,tsf,tsl,dis,log)
x-closed-by x-compress-action x-sc(Content-Type) x-cache-action X-finish
FTP W3C Logging:
#Fields: date time c-ip
c-port s-ip
s-port r-ip r-port cs-method cs-param sc-status sc-param sr-method
sr-param rs-status rs-param
#Fields: date time c-ip
c-port s-ip
s-port r-ip r-port cs-method cs-param cs-bytes sc-status sc-param
sc-bytes sr-method sr-param sr-bytes rs-status rs-param
rs-bytes
#Fields: date time c-ip
c-port s-ip
s-port r-ip r-port cs-method cs-param cs-bytes sc-status sc-param
sc-bytes sr-method sr-param sr-bytes rs-status rs-param
rs-bytes
edgeNEXUS w3c Logging:
Address and Port:
client IP address along with the port.
Client’s Network Address:
client IP address only.
Forwarded-For Address and Port:
held in the XFF header including the address and port.
Forwarded-For Address:
held in the XFF header including the address only.
Include edgeNEXUS Security Information:
setting. When this is set to on this will allow any virtual service
that also has this setting turned on and is using Authentication to
append the username to the W3C log.
Off:
on a global scale.
Remote Syslog Server
configure two external syslog servers to send all system logs.
- Add the IP
address of your syslog server - Add the Port
- Choose TCP
or UDP - Tick the box
- Click Update
Remote W3C Log Storage
All W3C logs are stored compressed on the jetNEXUS ALB-X every hour.
The oldest files will only be deleted when 30% of disk space is
remaining. Should you wish to export these to a remote server for
safekeeping you can configure that below using an SMB share. Please
note that the W3C log will not transfer to the remote location until
after the file has been completed and compressed. As the logs are
written every hour this could take up to 2 hours for a Virtual Machine
and will be 5 hours behind for a hardware appliance. We will
include a test button in future releases to provide some feedback that your settings are correct.
Storage:
remote log storage.
your SMB server. This should be in dotted decimal notation. Example:
10.1.1.23
the SMB server. Example: w3c.
the SMB server. Example: /log.
the SMB share.
the SMB share.
Field Summary
HTTP
Condition |
Description |
| Date | Not localised = always YYYY-MM-DD (GMT/UTC) |
| Time | Not localised = HH:MM:SS or HH:MM:SS.ZZZ (GMT/UTC) * Note-unfortunately this has two formats (Site has no .ZZZ milliseconds) |
| x-mil | Site format only = millisecond of time-stamp |
| c-ip |
Client IP as best can be derived from network or X-Forwarded-For header |
| c-port | Client port as best can be derived from network or X-Forwarded-For header |
| cs-username | Client’s user-name request field |
| s-ip | ALB’s listening port |
| s-port |
ALB’s listening VIP |
| x-xff | Value of X-Forwarded-For header |
| x-xffcustom | Value of configured-named X-Forwarded-For type request header |
| cs-host | Host name in the request |
| x-r-ip | IP address of content server used |
| x-r-port | Port of content server used |
| cs-method | HTTP request method * except Brief format |
| method | * Only brief format uses this name for cs-method |
| cs-uri-stem | Path of the requested resource * except Brief format |
| cs-uri-query | Query for the requested resource * except Brief format |
| uri | * brief format logs a combined path and query-string |
| sc-status | HTTP response code |
| cs(User-Agent) | Browser’s User-Agent string (as sent by client) |
| referer | Referring page (as sent by client) |
| x-c-version | Client’s request HTTP version |
| x-r-version | Content-Server’s response HTTP version |
| cs-bytes | Bytes from client, in the request |
| sr-bytes | Bytes forwarded to content server, in the request |
| rs-bytes | Bytes from real-server, in the response |
| sc-bytes | Bytes sent to client, in the response |
| x-percent | Compression percentage * = 100 * ( 1 – output / input) including headers |
| time-taken | How long the real-server took in seconds |
| x-trip-times |
|
| new | millisecond from connect to posting in “newbie list” |
| pcon | millisecond from connect to placing the connection to the real-server |
| acon | millisecond from connect to finishing placing the connection to the real-server |
| rcon | millisecond from connect to establishing real-server connection |
| rqf | millisecond from connect to receiving the first byte of request from the client |
| rql | millisecond from connect to receiving the last byte of request from the client |
| tqf | millisecond from connect to sending the first byte of request to the real-server |
| tql | millisecond from connect to sending the last byte of request to the real-server |
| rsf | millisecond from connect to receiving the first byte of response from the real-server |
| rsl | millisecond from connect to receiving the last byte of response from the real-server |
| tsf | millisecond from connect to sending the first byte of response to the client |
| tsl | millisecond from connect to sending the last byte of response to the client |
| dis | millisecond from connect to disconnect (both sides – last one to disconnect) |
| log | millisecond from connect to this log record
usually followed by (Load-balance policy and reasoning) |
| x-round-trip-time | How long ALB took in seconds |
| x-closed-by | What action caused the connection to be closed (or kept open) |
| x-compress-action | How compression was carried out, or prevented |
| x-sc(Content-Type) | Content-Type of response |
| x-cache-action | How caching responded, or was prevented |
| x-finish | Trigger that caused this log row |
Clear Log Files
- Choose the log file you wish to clear
- Log Type
- W3C log
- System log
- ACC – Access log
- APP – Apps log
- ADD – Add-Ons log
- STT – System State log
- Click Clear
Back to