[ Table of Contents ] [ Previous Chapter ] [ Next Chapter ]
iTools maintains two kinds of logs: Apache log and Squid log. The Apache log is contained in the /Local/Library/Webserver/Logs/apache_access_log file by default. This log records the activity of the Apache server only.
The Squid caching server keeps it's own logs. Squid's logs its activity in the /Local/Library/Webserver/Logs/iTools.log file. This file is known as the "TransferLog" file when squid is enabled. The When squid is disabled, the "TransferLog" becomes the apache_access_log.
iTools uses it own /Local/Library/WebServer/tenon/logs directory for logs specific to iTools. This directory contains the iTools config, updates, startup, and status logs. For more information on these iTools logs, see See Server Controls.
Before you can analyze your log files, you need to understand what kind of data is actually recorded there, as well as its format. The most commonly used log-file format is called the CLF (Common Log Format). Most Web servers offer CLF at least as an option, if not the default. Each line in a CLF log file
corresponds to a single request made by the user to the Web server. The format specifies data such as the machine name or IP address from which the user made the request, as well as the information on the resource requested.
The Apache-based logging is controlled via the Administration Server (http://servername/itools_admin). The log file is set by default to /Local/Library/WebServer/Logs/apache_access_log.XXXXXXXXXX and is rolled daily. The 10 digits appended to the end of the apache access log is the date that the file was rolled on. Apache always logs it's activity into the apache_access_log file independent of the caching server (Squid) status.
If you decide to use Apache logging only you must start by turning off the Squid cache. To do this, click on the Cache button to get to the Cache Settings screen. From the Cache Setting screen click the AcceleratorCache toggle switch to the off position. Squid is only turned off when you click Save Cache Settings. Once Squid is turned off, return to the home page. Click on the Server Defaults button to apply your configuration to the whole site, or click on each individual Virtual Host Config button to apply your configuration to that individual site. Once caching is disabled, only Apache will be logging. When Apache is logging, you can use Apache's more advanced "CustomLog" directive to log. This directive must be sat by hand in the apache.conf file. In the apache.conf file the directive "LogFormat" defines a log format. For example, the line below defines a format called common.
LogFormat "%h %l %u %t \"%r\" %>s %b" common
To create a format, insert your choice of Format Symbols, with a percent sign before each symbol. For example "%h %l %u %t %r %b" would be a functional format setting. Don't forget the quotation marks.
This can then be used with the directive "CustomLog" as in the example below which would create an automatically rotated log in the "common" format.
CustomLog "|/usr/sbin/rotatelogs /Local/Library/WebServer/Logs/apache_access_log 86400" common
To disable the "TransferLog", which doesn't use the "LogFormat" defined formats, comment out the "TransferLog" line in the iTools.conf file.
%h (The hostname of the client, (or IP number if hostname is not available or if
%u (remote user from authorization, if any.)
%t (date and time in CLF format: (day/month/year:hour:minute:second zone.))
%r (first line of request exactly as it came from the client (i.e., the file
name, and protocol requested.))
%s (original http request status code returned to client before internal
redirection. Indicates where or not the file was successfully retrieved,
and if not, what error message was returned.)
%>s (final http request status code.)
%b (number of bytes sent, not including headers.)
%T (transfer time or time taken to serve a request in seconds)
%p (TCP port of the server servicing the request)
%P (process ID of the server servicing the request)
%l (the clients remote logname, if supplied)
%v (name of (virtual) server servicing request)
%{}n (contents of note from another module in brackets)
%{}i (Input header item in brackets)
%{Referer}i (The URL the client was on before requesting your URL.
%{User-agent}i (The identity of the client software (browser.))
%V (The server name according to the UseCanonicalName setting.)
Notice in the above list, the input and output header commands. The
referer and user-agent commands are described in the list of commonly
Like the Apache logging, if there isn't a file name and path in the TransferLog Directive on the (Virtual Host Config) screen, then Squid will not write the log to disk. When Squid is enabled, the directive "CacheTransferLog" in the iTools.conf file specifies the TransferLog file. When Squid is disabled, Apache takes responsibility for logging and uses the TransferLog directive with the Transfer log file specified in the Administration server. The default Squid log format is:
Client Ident - [Timestamp1] "Method URI" Type Sizes
This logging configuration can not be changed, but you can add HTTP Header Fields. If you edit the /Local/Library/WebServer/tenon/squid/etc/squid.conf file, near the end of the file, you will notice the lines:
# Append individual HTTP request headers to CLF log entry
#log_http_hdrs Referer User-Agent
These are the commented entries. The pound sign indicates that these lines are comments only. The last line is an example implementing the most popular HTTP Header Fields, Referer and User-Agent. Using the same format, you can add any Header Field you want. Or you can remove the # on the last line and log these example Header Fields.
If you need more information on understanding the information in the log files or the configuration of Squid, then check Squid Log Files. If you need to roll your log file or split it in to multiple files by host, a logsplitter script is provided on the iTools CD or downloadable from the Tenon web site.
[ Table of Contents ] [ Previous Chapter ] [ Next Chapter ]