Wednesday, 21 January 2015

IBM HTTP Server - Custom Logging for Additional Intel

For my current project, I had an interesting discussion with one of our test team, when I was explaining one of my reasons for beating up our developers - the developers, whilst lovely people, were publishing URLs that go directly to the back-end servers ( WAS, BPM, IIB etc. ) rather than going via the front-end IBM HTTP Server boxes.

I then showed how we can then configure the IHS logs to deliver additional metrics, to further assist in the analysis of test results.

This includes content from IHS and also from the down-stream WebSphere Application Server (WAS), the latter representing BPM, ODM, IIB etc.

Here's an example from my own environment: -

Request: GET /images/notes.gif HTTP/1.1 // Status: 304 // Source: 192.168.8.1 // Seconds: 0 // Microseconds: 453
Request: GET /images/background.gif HTTP/1.1 // Status: 304 // Source: 192.168.8.1 // Seconds: 0 // Microseconds: 215
Request: GET /images/help.gif HTTP/1.1 // Status: 304 // Source: 192.168.8.1 // Seconds: 0 // Microseconds: 180
Request: GET /index.html HTTP/1.1 // Status: 200 // Source: 192.168.8.1 // Seconds: 0 // Microseconds: 1247
Request: GET /index2.html HTTP/1.1 // Status: 404 // Source: 192.168.8.1 // Seconds: 0 // Microseconds: 411
Request: GET /snoop HTTP/1.1 // Status: 200 // Source: 192.168.8.1 // Seconds: 0 // Microseconds: 78081


Here I'm showing: -

Request - HTTP method, URI pattern and protocol
HTTP Status Code - 200 = OK, 404 = Not Found, 500 = Internal Server Error
Source IP Address - Where the request is coming from
Duration - Seconds
- Microseconds


configured thus: -

LogFormat "Request: %r // Status: %s // Source: %a // Seconds: %T // Microseconds: %D" dave
CustomLog logs/access_log dave

in httpd.conf.

There are, however, a whole slew of additional parameters that we can use: -

%%   The percent sign
%a    Remote IP-address
%A    Local IP-address
%B    Size of response in bytes, excluding HTTP headers.
%b    Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.
%{Foobar}C    The contents of cookie Foobar in the request sent to the server.
%D    The time taken to serve the request, in microseconds.
%{FOOBAR}e    The contents of the environment variable FOOBAR
%f    Filename
%h    Remote host
%H    The request protocol
%{Foobar}i    The contents of Foobar: header line(s) in the request sent to the server.
%l    Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set On.
%m    The request method
%{Foobar}n    The contents of note Foobar from another module.
%{Foobar}o    The contents of Foobar: header line(s) in the reply.
%p    The canonical port of the server serving the request
%P    The process ID of the child that serviced the request.
%{format}P    The process ID or thread id of the child that serviced the request. Valid formats are pid, tid, and hextid. hextid requires APR 1.2.0 or higher.
%q    The query string (prepended with a ? if a query string exists, otherwise an empty string)
%r    First line of request
%s    Status. For requests that got internally redirected, this is the status of the *original* request --- %>s for the last.
%t    Time the request was received (standard english format)
%{format}t    The time, in the form given by format, which should be in strftime(3) format. (potentially localized)
%T    The time taken to serve the request, in seconds.
%u    Remote user (from auth; may be bogus if return status (%s) is 401)
%U    The URL path requested, not including any query string.
%v    The canonical ServerName of the server serving the request.
%V    The server name according to the UseCanonicalName setting.
%X    Connection status when response is completed:
X =   connection aborted before the response completed.
+ =   connection may be kept alive after the response is sent.
- =   connection will be closed after the response is sent.
(This directive was %c in late versions of Apache 1.3, but this conflicted with the historical ssl %{var}c syntax.)
%I    Bytes received, including request and headers, cannot be zero. You need to enable mod_logio to use this.
%O    Bytes sent, including headers, cannot be zero. You need to enable mod_logio to use this.


No comments: