Create the transaction log definition file using the following format.
Syntax
[RequestLog] Service=service-name Type=web | proxy Path=log-path Format=format-symbol | "format" TimeZone=timezone Inclusion=inclusive-record |
Point
The vertical bars "|" mean "or". That is, either one option or the other can be specified.
Blank lines are treated as comments.
Lines that start with a hash "#" are treated as comments.
Description
[RequestLog]
Indicates the start of a new definition block and the end of the previous definition block.
Up to 20 definition blocks can be defined.
Service=service-name
Define the identifier for the log to be analyzed. For "service-name", specify the identifier using up to 64 characters. The following characters cannot be used.
\ : < > " $ ' [ ] = & / * ? | , |
Note
Each definition block must have a different "service-name".
Type=web | proxy
Indicates which type of server is being analyzed. The meanings of each option are as follows:
Option | Meaning |
|---|---|
web | Web server |
proxy | Proxy server |
The default option is as below. For the default option, this line can be omitted.
Type=web
Path=log-path
Defines the path to the log file to be analyzed.
For "log-path", specify the absolute path to the log file to be analyzed. If multiple log files are created in the same directory, use a wildcard ("*") in the file name to specify all of these files inclusively. If the path includes blank spaces, enclose the entire path in double quotes.
The wildcard feature is provided in order to allow file names to be specified in situations where log files are created for each date, or using file rotation. Wildcards cannot generally be specified with any random string.
Example
Log file to be analyzed | log-path | |
|---|---|---|
Windows | Log files created in the C:\WINNT\system32\LogFiles\W3SVC3 directory using the following format: ex041002.log, ex041003.log, | C:\WINNT\system32\LogFiles\W3SVC3\ex*.log |
UNIX | Log files created in the /var/www/logs directory with logrotate using the following format: accesslog, accesslog.1, accesslog.2, | /var/www/logs/accesslog |
Note
If the Path statement is not specified appropriately, it may not be possible to detect the latest log file, and analysis may not be possible.
Format=format-symbol | "format"
Defines the entry format for the log file to be analyzed.
Here, "format-symbol" is a symbol corresponding to a fixed recording format.
For "format", specify the recording format using tokens and delimiters. Specify a "format" when the recording format for the log file to be analyzed does not correspond to any of the fixed recording formats.
The symbols and tokens that can be specified are listed below.
Specifying log files using "format-symbol"
Analyzing log files for Web servers
Analyzing log files for proxy servers
Specifying tokens for "format"
Analyzing log files for Web servers
Symbol | Corresponding log |
|---|---|
Corresponding "format" | |
Common | W3C Common Logfile Format. Corresponds to the following logs: The W3C httpd (CERN httpd) Common log format The Apache httpd Common log format and Custom log format Microsoft Internet Information Services' Common log format (NCSA common log file format), the W3C Extended log format (W3C extended log file format) Netscape Enterprise Server's Common log format, Flexible log format and Custom log format Fujitsu InfoProvider Pro's Common log format, Extended log format, etc. |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes" | |
Microsoft-MS50 | Microsoft Internet Information Services custom format. Corresponds to the following log: Microsoft Log Format for Microsoft Internet Information Services 5.0. Note This symbol is valid only if the default settings have been left unchanged since Microsoft Internet Information Services 5.0 was installed. |
"s-time{yyyy-mm-dd HH:MM:SS} * * * * s-method s-path * s-status *" | |
Microsoft-MS60 | Microsoft Internet Information Services custom format. Corresponds to the following log: Microsoft Log Format for Microsoft Internet Information Services 6.0. Note This symbol is valid only if the default settings have been left unchanged since Microsoft Internet Information Services 6.0 was installed. |
"s-time{yyyy-mm-dd HH:MM:SS} * * * s-method s-path * s-status * *" |
Analyzing log files for proxy servers
Symbol | Corresponding log |
|---|---|
Corresponding "format" | |
Common | W3C Common Logfile Format. Corresponds to the following logs: Netscape Proxy Server's Common log format, Extended log format, Extended2 log format, Flexible log format, and Custom log format Squid's Common log format DeleGate's Common log format and Custom log format The Apache httpd Common log format and Custom log format The W3C httpd (CERN httpd) Common log format Fujitsu InfoProxy's Common log format, etc |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes" | |
Common+Ts | Adds the processing time (in seconds) to Common. Can be applied to the following logs or customized formats. Netscape Proxy Server's Flexible log format and Custom log format DeleGate's Custom log format The Apache httpd Custom log format |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes s-elapse{s}" | |
Common+Tms | Adds the processing time (in milliseconds) to Common. Can be applied to the following logs or customized formats: Netscape Proxy Server's Flexible log format and Custom log format DeleGate's Custom log format Fujitsu InfoProxy's Extend log format |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes s-elapse{ms}" | |
Netscape-Extend | Netscape Proxy Server custom format. Corresponds to the following log: Netscape Proxy Server's Extended log format and Extended2 log format |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes r-status * * * * * * * s-elapse{s}" | |
Squid-Native11 | Squid custom format. Corresponds to the following log. Squid's Native log format (Version 1.1 format) |
"s-time{seconds} s-elapse{ms} * */s-status s-bytes s-method s-url * */* *" | |
Microsoft-Native | Microsoft Proxy Server custom format. Corresponds to the following logs: Microsoft Proxy Server's WebProxy log format |
"*, *, *, *, time{yy/mm/dd, HH:MM:SS}, *, *, *, *, *, *, s-elapse{ms}, s-bytes, *, *, *, s-method, s-url, *, *, s-status, *" | |
DeleGate-Default | DeleGate custom format. Corresponds to the following log: DeleGate's HTTP default log format |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes s-elapse{ms}:*" | |
InfoProxy-Extend | Fujitsu InfoProxy custom format. Corresponds to the following log: Fujitsu InfoProxy's Extend log format |
"* * * [s-time{dd/mon/yyyy:HH:MM:SS} *] \"c-request\" s-status s-bytes s-elapse{ms} r-status * * * * * * * * * * * * * *" |
Note
When specifying the entry format for the log file using a symbol, compare the records in the log file to be analyzed with the format that corresponds to the symbol and specify the symbol that matches the actual entry format. Take particular care with the date section, as this can vary from system to system.
The "Microsoft-MS50" and "Microsoft-MS60" symbols are valid only if the settings have been left unchanged since Microsoft Internet Information Services 5.0 or 6.0 was installed. If the log format has been changed since installation, specify a symbol so that the entry format matches the records in the log to be analyzed. If there is no such symbol, specify the entry format using a "format" string.
The following performance information cannot be collected if the log entry format is specified using a symbol.
Symbol | Performance information that cannot be collected |
|---|---|
Common | Request processing time |
Microsoft-MS50 Microsoft-MS60 | Request processing time Traffic volume |
Common+Ts Common+Tms | - |
Netscape-Extend | - |
Squid-Native11 | - |
Microsoft-Native | - |
DeleGate-Default | Request processing time |
InfoProxy-Extend | - |
Token | Meaning |
|---|---|
s-time{time-format} | The time when the server finished processing the request |
c-request | The first request that the client sent to the server |
s-method | The method that the client used to send the request to the server (part of c-request) |
s-url | The URL that the client used to send the request to the server (part of c-request) |
s-host | The host name or IP address in the client request to the server (part of s-url) |
s-path | The file path in the client request to the server (part of s-url) |
s-status | The status code that the server sent to the client |
r-status | The status code that the remote server sent to the server |
s-bytes | The number of bytes that the server sent to the client |
s-elapse{elapse-format} | The time that it took for the server to process the request |
* | Variable elements other than the above |
\ | Escape character (add the escape character to specify " or \ as \" or \\) |
The relationship between c-request, s-method, s-url, s-host and s-path is as follows:
For "time-format", specify the format that is used to record times in the log file to be analyzed, using a sequence of tokens and delimiters. The following tokens can be used.
Token | Meaning |
|---|---|
yyyy | Year (2005 to 2038) |
yy | Year (00 to 99) |
mm | Month (01 to 12) |
mon | Month (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec) |
month | Month (January, February, March, April, May, June, July, August, Septembe r, October, November, December) |
dd | Day (01 to 31) |
HH | Hour (00 to 23) |
MM | Minute (00 to 59) |
SS | Second (00 to 59) |
seconds | Total number of seconds |
For "elapse-format", enter a token to indicate the units for expressing elapsed time. Use either of the following tokens.
Token | Meaning |
|---|---|
s | Elapsed time is expressed in seconds |
ms | Elapsed time is expressed in milliseconds |
Note
Any text in the "format" specification that does not match a token string is treated as a delimiter. Take care to avoid spelling mistakes, as these are also treated as delimiters.
For records in the log file to be analyzed that do not match the entry format specified by the "format" string, information is counted as "unanalyzable record". Also, processing will terminate if there are a certain number of consecutive unanalyzable records from where the log file starts being analyzed. Make sure that the records in the log file to be analyzed correctly match the entry format specified by the "format" string.
If the entry format for the log file is specified using a "format" string, make sure that the following mandatory tokens are specified. Take care, as the log file cannot be analyzed if these mandatory tokens are not specified.
Mandatory tokens |
|---|
s-time |
s-status |
If the entry format for the log file is specified using a "format" string, make sure that the token required for analysis in operation windows is specified.
Analysis (operation window) | Mandatory token |
|---|---|
Various URL-based analyses (Detailed and Report) | s-url (or c-request, s-path) |
TimeZone=timezone
Defines the time zone for the time data recorded in the log file to be analyzed. For "timezone", specify the time difference with respect to Coordinated Universal Time (UTC). The format is shown below.
Format | Description |
|---|---|
[+|-]HHMM | +: Indicates that the time is ahead of UTC. -: Indicates that the time is behind UTC. HH: Hours (00 to 23) MM: Minutes (00 to 59) |
The default setting is as below. For the default setting, this line can be omitted.
TimeZone=+0000
or
TimeZone=0000
Note
Use the manuals for each server to check the local time used by the log file to be analyzed.
Inclusion=inclusive-record
Defines URLs to be analyzed.
Specify this item in order to isolate particular URLs for monitoring and analysis in the Detailed and Report views. For "inclusive-record", specify the path (enclosed in double quotation marks) for the URL to be analyzed, without any parameters or the server name part of the Web content. Up to 1,023 characters can be used. The following characters cannot be used.
^ | [ ] { } < > ( ) & $ # " ' * , ? = : \ |
Up to 20 Inclusion statements can be defined.
If a forward slash is specified at the end of the URL, all of the content under the specified URL (including subdirectories) will be aggregated and monitored as a single URL. However, for the following definition, the forward slash will be treated as a file name, and the content below it will not be aggregated or monitored.
Inclusion="/" |
All URLs not defined by Inclusion statements will be analyzed as "URL [CONTENTS]".
By default, all URLs are analyzed as "URL [CONTENTS]".
For the default setting, this line can be omitted.
The following example shows how Inclusion statements are defined.
Inclusion="/SSQC/eg.htm" Inclusion="/cgi-bin/query.cgi" Inclusion="/tool/program" Inclusion="/segment01/" |
Note
All of the following URLs are monitored as "/SSQC/eg.htm".
http://www.fujitsu.com/SSQC/eg.htm
https://www.fujitsu.com/SSQC/eg.htm
http://www.fujitsu.co.jp/SSQC/eg.htm
Examples
Definition examples are as follows:
[Windows]
[RequestLog] Service=www1 Path="C:\WINNT\system32\LogFiles\W3SVC1\ex*.log" Format="s-time{yyyy-mm-dd HH:MM:SS} * s-method s-url s-status s-bytes" |
[UNIX]
[RequestLog] Service=www2 Type=web Path=/usr/local/apache/logs/access_log Format=Common TimeZone=+0900 Inclusion="/cgi-bin/query.cgi" |
