System Logging

System Logging

The System — Logging
page allows you to set the W3C logging levels and specify
the remote server export the logs automatically.

The page is organised into the four sections below.

W3C Logging Details

Enabling W3C logging mode will start jetNEXUS ALB-X recording a W3C
compatible log file. A W3C log is an access
log for Web servers in which text files are generated containing data
about each access request, including the source Internet Protocol (IP)
address, the HTTP version, the browser type, the
referrer page, and the time stamp. The format was developed by the
World
Wide Web Consortium (W3C),
an organization that promotes standards for the evolution of the Web.

The file is in ASCII text, with space-delimited columns. The
file holds comment lines beginning with the # character. One
of these comment lines is a line naming field (providing column names)
so that data can be mined.

There are separate files for HTTP and FTP protocols.

HTTP W3C Logging:

None:
W3C logging is off.

Brief:

The fields present are:

#Fields: time c-ip c-port
s-ip method uri
x-c-version x-r-version sc-status cs-bytes sr-bytes rs-bytes sc-bytes
x-percent time-taken x-round-trip-time cs(User-Agent)
x-sc(Content-Type).

Full:

This is a more processor-compatible format with separate date
and time fields. See the fields summary below for information
on what the fields mean. The fields present are:

#Fields: date time c-ip c-port cs-username s-ip s-port
cs-method
cs-uri-stem cs-uri-query sc-status cs(User-Agent) referer x-c-version
x-r-version cs-bytes sr-bytes rs-bytes sc-bytes x-percent time-taken
x-round-trip-time x-sc(Content-Type).

Site:

This format is very similar to “Full” but has an additional
field.
See the fields summary below for information on what the fields mean.
The fields present are:

#Fields: date time x-mil c-ip c-port cs-username s-ip s-port
cs-host cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
referer x-c-version x-r-version cs-bytes sr-bytes rs-bytes sc-bytes
x-percent time-taken x-round-trip-time x-sc(Content-Type).

Diagnostic:

This format is filled with all sorts of information relevant
to development and support staff. See the fields summary below for
information on what the fields mean. The fields present are:

#Fields: date time c-ip c-port cs-username s-ip s-port x-xff
x-xffcustom cs-host x-r-ip x-r-port cs-method cs-uri-stem cs-uri-query
sc-status cs(User-Agent) referer x-c-version x-r-version cs-bytes
sr-bytes rs-bytes sc-bytes x-percent time-taken x-round-trip-time
x-trip-times(new,rcon,rqf,rql,tqf,tql,rsf,rsl,tsf,tsl,dis,log)
x-closed-by x-compress-action x-sc(Content-Type) x-cache-action X-finish

 

FTP W3C Logging:

Brief:

#Fields: date time c-ip
c-port s-ip
s-port r-ip r-port cs-method cs-param sc-status sc-param sr-method
sr-param rs-status rs-param

Full:

#Fields: date time c-ip
c-port s-ip
s-port r-ip r-port cs-method cs-param cs-bytes sc-status sc-param
sc-bytes sr-method sr-param sr-bytes rs-status rs-param
rs-bytes

Diagnostic:

#Fields: date time c-ip
c-port s-ip
s-port r-ip r-port cs-method cs-param cs-bytes sc-status sc-param
sc-bytes sr-method sr-param sr-bytes rs-status rs-param
rs-bytes

edgeNEXUS w3c Logging:

 
Client’s Network
Address and Port:
This will show the true
client IP address along with the port.


Client’s Network Address:

This will show the true
client IP address only.


Forwarded-For Address and Port:

This will show the details
held in the XFF header including the address and port.


Forwarded-For Address:

This will show the details
held in the XFF header including the address only.

 

Include edgeNEXUS Security Information:

On:

 This is a global
setting. When this is set to on this will allow any virtual service
that also has this setting turned on and is using Authentication to
append the username to the W3C log.


Off:

This will turn off the ability to log the username to the W3C log
on a global scale.

Remote Syslog Server

In this section you can
configure two external syslog servers to send all system logs.
  • Add the IP
    address of your syslog server
  • Add the Port
  • Choose TCP
    or UDP
  • Tick the box
  • Click Update

 

Remote W3C Log Storage

All W3C logs are stored compressed on the jetNEXUS ALB-X every hour.
The oldest files will only be deleted when 30% of disk space is
remaining. Should you wish to export these to a remote server for
safekeeping you can configure that below using an SMB share. Please
note that the W3C log will not transfer to the remote location until
after the file has been completed and compressed. As the logs are
written every hour this could take up to 2 hours for a Virtual Machine
and will be 5 hours behind for a hardware appliance. We will
include a test button in future releases to provide some feedback that your settings are correct.

 

Remote Log
Storage:
Tick the box to enable
remote log storage.

 

IP Address:
Add in the IP address of
your SMB server. This should be in dotted decimal notation. Example:
10.1.1.23

 

Share Name:
Add in the share name on
the SMB server. Example: w3c.

 

Directory:
Add in the directory on
the SMB server. Example: /log.

 

Username:
Add in the username for
the SMB share.

 

Password:
Add in the password for
the SMB share.

 

Field Summary

HTTP

Condition

Description

Date Not
localised = always YYYY-MM-DD (GMT/UTC)
Time Not
localised = HH:MM:SS or HH:MM:SS.ZZZ (GMT/UTC)
* Note-unfortunately this has two formats (Site has no .ZZZ
milliseconds)
x-mil Site
format only = millisecond of time-stamp
c-ip
Client
IP as best can be derived from network or X-Forwarded-For header
c-port Client
port as best can be derived from network or X-Forwarded-For header
cs-username Client’s
user-name request field
s-ip ALB’s
listening port
s-port
ALB’s
listening VIP
x-xff Value
of X-Forwarded-For header
x-xffcustom Value of configured-named
X-Forwarded-For type request header
cs-host Host name in the request
x-r-ip IP address of content server
used
x-r-port Port of content server used
cs-method HTTP request method * except
Brief format
method * Only brief format uses this
name for cs-method
cs-uri-stem Path of the requested resource
* except Brief format
cs-uri-query Query for the requested
resource * except Brief format
uri * brief format logs a combined
path and query-string
sc-status HTTP response code
cs(User-Agent) Browser’s User-Agent string
(as sent by client)
referer Referring page (as sent by
client)
x-c-version Client’s request HTTP version
x-r-version Content-Server’s response HTTP
version
cs-bytes Bytes from client, in the
request
sr-bytes Bytes forwarded to content
server, in the request
rs-bytes Bytes from real-server, in
the response
sc-bytes Bytes sent to client, in the
response
x-percent Compression percentage * = 100
* ( 1 – output / input) including headers
time-taken How long the real-server
took in seconds
x-trip-times
new millisecond from connect to
posting in “newbie list”
pcon millisecond from connect to placing the connection to the real-server
acon millisecond from connect to finishing placing the connection to the real-server
rcon millisecond from connect to establishing real-server connection
rqf millisecond from connect to
receiving the first byte of request from the client
rql millisecond from connect to
receiving the last byte of request from the client
tqf millisecond from connect to
sending the first byte of request to the real-server
tql millisecond from connect to
sending the last byte of request to the real-server
rsf millisecond from connect to
receiving the first byte of response from the real-server
rsl millisecond from connect to
receiving the last byte of response from the real-server
tsf millisecond from connect to
sending the first byte of response to the client
tsl millisecond from connect to
sending the last byte of response to the client
dis millisecond from connect to
disconnect (both sides – last one to disconnect)
log millisecond from connect to this log record

usually followed by (Load-balance policy and reasoning)

x-round-trip-time How long ALB took in seconds
x-closed-by What
action caused the connection to be closed (or kept open)
x-compress-action How
compression was carried out, or prevented
x-sc(Content-Type) Content-Type
of response
x-cache-action How
caching responded, or was prevented
x-finish Trigger
that caused this log row

Clear Log Files

  • Choose the log file you wish to clear
  • Log Type
    • W3C log
    • System log
    • ACC – Access log
    • APP – Apps log
    • ADD – Add-Ons log
    • STT – System State log
  • Click Clear

clearlogfiles

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

Log in with your credentials

or    

Forgot your details?