warning
.)
[13/Feb/1996:16:56:51] info: successful server startupIn the previous example, the first line is an informational message--the server started up successfully. The second log entry shows that the client wiley.a.com requested the file report.html, but the file wasn't in the primary document directory on the server. The third log entry shows that the password entered for the user jane was incorrect.
[20/Mar/1996 19:08:52] warning: for host wiley.a.com trying to GET /report.html, append-trailer reports: error opening /usr/ns-home/docs/report.html (No such file or directory)
[30/Mar/1996 15:05:43] security: for host arrow.a.com trying to GET /, basic-ncsa reports: user jane password did not match database /usr/ns-home/authdb/mktgdb
access
was created for the server. You can customize access logging for any resource by specifying whether to log accesses, who not to record accesses from, and whether the server should spend time looking up the domain names of clients when they access a resource.
Server access logs can be in Common Logfile Format, flexible log format, or your own customizable format. The Common Logfile Format is a commonly supported format, but provides a fixed amount of information about the server. The flexible log format allows you to choose (from the Server Manager) what to log. A customizable format uses parameter blocks that you specify to control what gets logged. Once an access log for a resource has been created, you can't change its format unless you archive it or create a new access log file for the resource.
To set access logging preferences,
logs
directory in the server root
directory. If you specify a partial path name, the server assumes the path is
the logs
directory in the server root.
*.netscape.com
doesn't log accesses from people whose domain is netscape.com
. You can type wildcard patterns for host names, IP addresses, or both.
POST
.)
wiley.a.com - - [16/Feb/1996:21:18:26 -0800] "GET / HTTP/1.0" 200 751 wiley.a.com - - [17/Feb/1996:1:04:38 -0800] "GET /docs/grafx/icon.gif HTTP/1.0" 204 342 wiley.a.com - - [20/Feb/1996:4:36:53 -0800] "GET /help HTTP/1.0" 401 571 arrow.a.com - john [29/Mar/1996:4:36:53 -0800] "GET /help HTTP/1.0" 401 571The following table describes the last line of the sample access log.
The following is a sample of an access log using the flexible logging format:
wiley.a.com - - [25/Mar/1996:12:55:26 -0800] "GET /index.htm HTTP/1.0" "GET" "/?-" "HTTP/
1.0" 304 0 - Mozilla/2.0 (WinNT; I)
wiley.a.com - - [25/Mar/1996:12:55:26 -0800] "GET / HTTP/1.0" "GET" "/?-" "HTTP/1.0" 304 0
- Mozilla/2.0 (WinNT; I)
wiley.a.com - - [25/Mar/1996:12:55:26 -0800] "GET / HTTP/1.0" "GET" "/?-" "HTTP/1.0" 304 0
- Mozilla/2.0 (X11; I; IRIX 5.3 IP22)
The access log using the flexible logging format looks similar to the access log using the Common Logfile Format.
Working with the log analyzer
Use the log analyzer to generate statistics about your server, such as a summary of activity, most commonly accessed URLs, times during the day when the server is accessed most frequently, and so on. You can run the log analyzer from the Server Manager, as described in the following section; if you want to run the log analyzer from the command line, go to the "Running the log analyzer from the command line" section.
Note
Before running the log analyzer, you should archive the server logs. For more information about archiving server logs, see "Archiving log files" on page 153.
Running the log analyzer from the Server Manager
To run the log analyzer from the Server Manager,
flexanlg
, which is in extras/flexanlg in your server root directory.
To run flexanlg
, type the following command and options at the command prompt:
% flexanlg [ -P ] [-n name] [-x] [-r] [-p order] [-i file]* [ -m metafile ]* [-o file][-c opts] [-t opts] [-l opts]The following describes the syntax. (You can get this information online by typing
flexanlg -h
.)
-P: proxy log format Default: no -n servername: The name of the server -x : Output in HTML Default: no -r : Resolve IP addresses to hostnames Default: no -p [c,t,l]: Output order (counts, time stats, lists) Default: ctl -i filename: Input log file(s) Default: none -o filename: Output log file Default: stdout -m filename: Meta file(s) Default: none -c [h,n,r,f,e,u,o,k,c,z]: Count these item(s) - Default: hnreuokc h: total hits n: 304 Not Modified status codes (Use Local Copy) r: 302 Found status codes (Redirects) f: 404 Not Found status codes (Document Not Found) e: 500 Server Error status codes (Misconfiguration) u: total unique URL's o: total unique hosts k: total kilobytes transferred c: total kilobytes saved by caches z: Do not count any items. -t [sx,mx,hx, xx,z]: Find general stats - Default:s5m5h24x10 s(number): Find top (number) seconds of log m(number): Find top (number) minutes of log h(number): Find top (number) hours of log u(number): Find top (number) users of log a(number): Find top (number) user agents of log r(number): Find top (number) referers of log x(number): Find top (number) for miscellaneous keywords z: Do not find any general stats. -l [cx,hx]: Make a list of - Default: c+3h5 c(x,+x): Most commonly accessed URLs (x: Only list x entries)> (+x: Only list if accessed more than x times) h(x,+x): Hosts (or IP addresses) most often accessing your server (x: Only list x entries) (+x: Only list if accessed more than x times) z: Do not make any lists
NoteBefore running the log analyzer, you should archive the server logs. To archive log files,
If you want archiving to occur at a specific time on specific days, click the Rotate log at button, choose times from the list, and select the days for archiving to occur.
NoteIf you chose to archive your server logs at specific times on specific days, steps 4 and 5 are necessary in order for archiving to take place.
Figure 9-1 Top level of the MIB tree
The Netscape MIB
The Netscape MIB has an object identifier of 1.3.6.1.4.1.1450. Using the Netscape MIB, you can monitor your server like any other device on your network by using network management software, such as HP OpenView. A basic diagram of information being passed from the server through the SNMP master agent to the NMS is shown in the following diagram.
Interaction between the web server, SNMP agent, and NMS
Note
You should be a system administrator or have in-depth system knowledge before installing the SNMP agents.
Installing Netscape SNMP agents
Before you can use the Netscape MIB to monitor your web server, you need to first install a master agent (unless your SNMP daemon supports SMUX). If you're not sure whether your SNMP daemon supports SMUX, see its documentation. You then need to enable an SNMP subagent.
If you are already using an SNMP daemon and want to continue using it, you need to install a proxy SNMP agent before restarting the original SNMP daemon. If you are working on the AIX platform, go to the "Installing subagents on AIX" section.
CONFIG
. You can edit the CONFIG file using the Server Manager, or you can edit the file manually.
If an SNMP daemon is running, make sure you know how to restart it and
which MIB trees it supports.
COMMUNITY public
ALLOW ALL OPERATIONS
MANAGER <your_manager_station_name>
SEND ALL TRAPS TO PORT 162
WITH COMMUNITY public
# magt CONFIG INIT&
After starting the master agent on your system, if you do not want to continue using the native SNMP daemon, go to "Enabling the subagent" section on page 163.
COMMUNITY public ALLOW ALL OPERATIONSYou can start a master agent a non-standard port by doing one of the following:
MANAGER nms2 SEND ALL TRAPS TO PORT 162 WITH COMMUNITY public
INITIAL sysLocation "Server room 501 East Middlefield Road Mountain View, CA 94043 USA"
INITIAL sysContact "John Doe email: <jdoe@netscape.com>"
After editing the CONFIG file manually, you should start the master agent manually by typing the following at the command prompt:
# magt CONFIG INIT&
If an SNMP daemon is running, make sure you know how to restart it and
which MIB trees it supports.
CONFIG
file (you can give this file a different name), located in plugins/snmp/sagt in the server root directory to include the port the SNMP daemon will listen to and which MIB trees and traps this proxy SNMP agent will forward.
CONFIG
file:
AGENT AT PORT 1161 WITH COMMUNITY public
SUBTREES 1.3.6.1.2.1.1,
1.3.6.1.2.1.2,
1.3.6.1.2.1.3,
1.3.6.1.2.1.4,
1.3.6.1.2.1.5,
1.3.6.1.2.1.6,
1.3.6.1.2.1.7,
1.3.6.1.2.1.8
FORWARD ALL TRAPS;
# pagt -c CONFIG&
CONFIG
. For example, on the Solaris platform, using the port in the previously mentioned example CONFIG
file, you'd type:
# snmpd -P 1161
#
./stop-admin
To stop the administration server from the Server Manager,
smux 1.3.6.1.4.1.1.1450.1 "" <IP_address> <net_mask>IP_address is the IP address of the host the subagent is running on, and net_mask is the network mask of that host.
NoteDo not use the loopback address 127.0.0.1; use the real IP address instead. If you need more information, see your related system documentation for details.
NoteThe master agent cannot be started this way if there is an SNMP daemon already running. If an SNMP daemon is running, manually kill its process, and then start the master agent using the process discussed in "Installing the SNMP master agent" on page 159.