Access Log format?

Looking at the following log sample (Apache format Access Logs) and the bolded section contained between the <>:
1.1.1.1 - - "16/Feb/2010:11:58:55 +1100" GET http://www.testsite.com 304 0  TCP_CLIENT_REFRESH_MISS:DIRECT 7ms  DEFAULT_CASE-DefaultGroup-DefaultGroup-NONE-DefaultRouting  <Shop,5.0,0,,,,,,,,,,,,> - 2.2.2.2 80 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT  6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR  3.0.30729; Media Center PC 6.0; InfoPath.2; eMusic DLM/4)" "Shopping"
This particular log sample has 15 fields between the <>. Every other log sample I've seen has 17 fields between the <>. So my question is, why would this happen? Is there some configuration on the Ironport itself that would modify this part of the logs? I know what some of those particular fields contain but is there a breakdown for what all those fields contain?

This portion of the accesslog contains both the web category as well as the response from the various DVS engines. The actual fields will vary depending on the features/code that is installed. For example, in the upcoming 7.0 code there are several new fields as a result of AVC (Application Visibility Control). Similarly, when Cisco Web Usage Controls are enabled there are additional fields which note dynamically learned content.
The best reference for each specific field, including between the <>'s, is the user guide which can be downloaded from the Cisco/IronPort Customer Support Portal.
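
An added example, not part of the thread and not Cisco/IronPort code: because the answer says the number of fields between the <> depends on installed features and code version, a log pipeline should measure the block width per line instead of assuming 15 or 17. The function names and shortened sample lines are constructed here, modelled on the line quoted in the question; reading the first field as the web category follows that sample (Shop / "Shopping").

```python
import csv
import re
from collections import Counter

# The block is whitespace-delimited; requiring that keeps a "<...>" embedded in
# the client-controlled URL (which has no raw spaces) from being picked instead.
VERDICT_BLOCK = re.compile(r"(?<=\s)<([^<>]*)>(?=\s)")


def extract_verdict_fields(line):
    """Return the fields inside the first standalone <...> block, or None."""
    match = VERDICT_BLOCK.search(line)
    if match is None:
        return None
    # csv tolerates double-quoted values containing commas (assumed possible;
    # the page's sample has only bare values and empty fields).
    return next(csv.reader([match.group(1)]), [])


def web_category(line):
    """First field of the block; the page's sample has 'Shop' there."""
    fields = extract_verdict_fields(line)
    return fields[0] if fields else None


def field_count_profile(lines):
    """Map block width -> number of lines (key None = no block found)."""
    profile = Counter()
    for line in lines:
        fields = extract_verdict_fields(line)
        profile[None if fields is None else len(fields)] += 1
    return profile


def find_layout_changes(lines):
    """Return (line_number, previous_width, new_width) at each width change."""
    changes, previous = [], None
    for number, line in enumerate(lines, start=1):
        fields = extract_verdict_fields(line)
        if fields is None:
            continue
        if previous is not None and len(fields) != previous:
            changes.append((number, previous, len(fields)))
        previous = len(fields)
    return changes


def _sample(block):
    """Constructed line, shortened from the one quoted in the question."""
    return ('1.1.1.1 - - "16/Feb/2010:11:58:55 +1100" GET http://www.testsite.com '
            "304 0 TCP_CLIENT_REFRESH_MISS:DIRECT 7ms "
            "DEFAULT_CASE-DefaultGroup-DefaultGroup-NONE-DefaultRouting "
            f'<{block}> - 2.2.2.2 80 "Mozilla/4.0 (compatible; MSIE 8.0)" "Shopping"')


SAMPLE_LINES = [
    _sample("Shop,5.0,0" + "," * 12),  # 15 fields, as in the question
    _sample("Shop,5.0,0" + "," * 14),  # 17 fields, the other width the poster saw
    "constructed line with no verdict block",
]

if __name__ == "__main__":
    print(field_count_profile(SAMPLE_LINES))
    for change in find_layout_changes(SAMPLE_LINES):
        print("width changed at line %d: %d -> %d" % change)
```

A width change between consecutive lines is the cue to re-check the field mapping against the user guide for the running code version before trusting positional fields in detections.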

Similar Messages

  • Change access log format

    Hi everybody
    I want to change the access log format of Sun Java Application Server 8.1 2005 Q2...
    I want to include session id information in it, so I changed the log format using the admin console GUI Configuration->httpservice->Access logs...
    The domain.xml file reflected the change as....
    <access-log format="%client.name% %auth-user-name% %datetime% %request% %status% %response.length%" rotation-enabled="true" rotation-interval-in-minutes="1440" rotation-policy="time" rotation-suffix="%YYYY;%MM;%DD;-%hh;h%mm;m%ss;s" />
    to
    <access-log format="%client.name% %auth-user-name% %datetime% %request% %status% %response.length% %cookie.value%" rotation-enabled="true" rotation-interval-in-minutes="1440" rotation-policy="time" rotation-suffix="%YYYY;%MM;%DD;-%hh;h%mm;m%ss;s" />
    But even after I restarted my server, the logs are getting stored in the default format itself....
    Am I missing some step? Can somebody tell me the detailed procedure?

    It is a bug (see 6352797) fixed in Patch 07. You should get your appserver patched with one of the following, depending on platform/installation:
    Packaged based: 119166-14, 119167-14, 119168-14
    File based:
    EE: 119169-06, 119170-06, 119171-06
    PE: 119173-06, 119174-06, 119175-06, 119176-06

  • How to set access.log format to "combined"

    Hello,
    I'm trying to get AWStats working on Solaris and have that working fine, but to get more information, I need to set the log format to "combined".
    Question is: is there a way to modify what is output in the access.log?

    SHOULD I RECOMPILE and specify the access method?
    Should i change line 1131 in db4.cpp to DBTYPE type = DB_QUEUE; ???

  • Access Log format for Sun One Web Server 6.0 SP6

    Is it possible to add the Process Id to the access log? If so, what is the proper format for the access log entry in magnus.conf. We would like to be able to see which process each request used, just like in the error log.
    Thanks

    User agent and referer information can be logged. Refer to the following docs (see under Table 7-1):
    http://docs.sun.com/source/816-5686-10/07_magnu.htm#33046
    Thanks,
    Manish

  • Access log formatting

    Hi all,
    I currently have a log format as follows:
    format.access="%Ses->client.ip% | %SYSDATE% | \"%Req->reqpb.clf-request%\" | %Req->srvhdrs.clf-status% | %Req->srvhdrs.content-length% | %Req->headers.referer% | \"%Req->headers.user-agent%\" | %Req->reqpb.method% | %Req->reqpb.uri% | %Req->reqpb.protocol%^"
    I would like to change the [%SYSDATE%] parameter to our own format as we do not need the GMT offset.
    i.e. dd/mm/yyyy hh:mi:ss which equates to \"%D %T\" but when I put this in the magnus, then tail the logs I get "-T"
    Please help it's driving me mad!!
    LL

    Unfortunately, %D and %T aren't flex-log format components. The server is replacing the unknown "%D %" component with a dash. The only date flex-log format components are %SYSDATE% and %LOCALETIME%.

  • Reg: weblogic 5.1 access log format

    I'm using weblogic 5.1 with sp 13
    If I dispatch the request from the servlet to a JSP, it's not logged in the access.log,
    and I also need to have the response time for the particular JSP.
    Is there any way to do the above things.
    Regards
    Hari

    Hi.
    Looks like you're right. Please open a case with support to get these and refer to
    the following bug numbers: CR052727 and CR045962. These are pending issues to update
    the PDF files and restore the links to the PDF files.
    Thanks,
    Michael
    sudarson wrote:
    Hi All,
    Previously weblogic 5.1 docs were available in weblogic site. But now when I tried
    to find those pdfs in the site , I couldn't find out. Instead, now it's available
    in only zipped html form.Can any body pls tell me where can I get those pdfs ?
    Thanks and Regards,
    Sudarson--
    Developer Relations Engineer
    BEA Support

  • Access Logging in OC4J

    I can get the various websites like the default-web-site to output access log information but they never have userid info in them, only "- -" even when users are logged in. No userids appear in OHS access logs either. Apps frontended by SiteMinder have both REMOTE_USER and SMSESSION populated but no userid makes it into the access logs. Any ideas?

    I'd never done it, but it does look like you can specify a format for the access-log entries:
    http://download.oracle.com/docs/cd/B25221_04/web.1013/b14432/website.htm#BABFGJHD
    The format string looks like it supports a field called $user, which may give you what you want.
    As a test, using OC4J 10.1.3.3, I just set mine up as follows in default-web-site.xml:
    <web-app application="ascontrol" name="ascontrol" load-on-startup="true" root="/em" ohs-routing="false" access-log="true"/>
    <access-log path="../log/default-web-access.log" format="$ip - $user '$request' $status $size"/>
    I then started OC4J, accessed the ascontrol application and logged in as the oc4jadmin user.
    In the access log, the following entries were produced that clearly lists the user I logged in as:
    127.0.0.1 - - - [127.0.0.1 - - 'GET /em/console/ias/oc4j/home HTTP/1.1' 200 9654
    127.0.0.1 - 'oc4jadmin' 'POST /em/j_security_check HTTP/1.1' 302 207
    127.0.0.1 - 'oc4jadmin' 'GET /em/console/postLogon HTTP/1.1' 200 4731
    127.0.0.1 - 'oc4jadmin' 'POST /em/console/postLogon HTTP/1.1' 302 180
    127.0.0.1 - 'oc4jadmin' 'GET /em/console/ HTTP/1.1' 302 156
    127.0.0.1 - 'oc4jadmin' 'GET /em/ HTTP/1.1' 200 185
    127.0.0.1 - 'oc4jadmin' 'GET /em/console/ias/oc4j/home HTTP/1.1' 200 21610
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cghee.gif HTTP/1.1' 200 76
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cghes.gif HTTP/1.1' 200 109
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cstlu.gif HTTP/1.1' 200 43
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/en/bRestOXOP.gif HTTP/1.1' 200 460
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/en/bStopDwKu.gif HTTP/1.1' 200 426
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cstru.gif HTTP/1.1' 200 44
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cstll.gif HTTP/1.1' 200 44
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cghec.gif HTTP/1.1' 200 93
    127.0.0.1 - 'oc4jadmin' 'GET /em/cabo/images/cache/cstrl.gif HTTP/1.1' 200 43
    127.0.0.1 - 'oc4jadmin' 'GET /em/images/trafficGreen.gif HTTP/1.1' 200 1213
    127.0.0.1 - 'oc4jadmin' 'GET /em/dynamicImage/emSDK/chart/EmChartBean?beanId=D659A5D6B83129E7F46647BB382F045B.gif HTTP/1.1' 200 3359

  • Using extended common log format

    Hello
    I wanted to set up access log file format to capture referer and user-agent info.
    After reading the docs I added the 2 variables via admin console.
    So HTTP Service ->Access Log -> Format contains following:
    %client.name% %auth-user-name% %datetime% %request% %status% %response.length% %header.referer% %header.user-agent%
    After saving and restarting the domain, I am still not getting the referrer and user agent.
    There is not even a "-" indicating that the info was unavailable....
    Any thoughts?
    Z....

    Can someone please help me with this issue.
    Our company needs extensive web metric reports and the only way to do so is by adding more info in the logs.
    Again, following is my Configuration->HTTP Service->Access Log setup from the admin console.
    Rotation: Enabled
    Rotation Policy: time
    Rotation Interval: 1440
    Rotation Suffix: %YYYY;%MM;%DD;-%hh;h%mm;m%ss;s
    Format: %client.name% %auth-user-name% %datetime% %request% %status% %response.length% %header.referer% %header.user-agent% %cookie.value%
    Again, the log does not record the last 3 values.... There are not even "-" indicating missing values.
    Much appreciated.
    Z

  • File name format of rotated access log

    Hi,
    I'm using wls5.1sp9 on Solaris.
    Is it possible to specify a different file name format of the rotated http access
    logs?
    Instead of getting files named access.log0001 and so on, I would prefer access.log.<date>
    or some other custom format.
    Best regards,
    Torleif Galteland

    Hi,
    Thanks for your response. But I have another query. The name of the file as per your reply is like UsageReport.xls correct? Now my query is, should it contain some date,account id/orgid etc associated for that usage. The reason for my query is that if MSP
    downloads the usage for different orgs having same bill date then it would conflict with the different usage files.
    Thanks And Regards,
    Sumanta Saha

  • Extended format of access.log and log rotation

    I am using WebLogic Server 6.1sp1. I want to use extended format of web
    server access log. I also want to use log rotation based on date. But it
    seems not to work together. After my investigation I can say:
    - access.log in common format can be rotated based on date and on size,
    - access.log in extended format (either in its default form or
    completely redefined) cannot be rotated neither based on date nor size.
    In the second case at first time WebLogic tries to rotate logfile
    IOException is thrown with a message like "java.io.IOException: Failed
    to rename log file on attempt to rotate logs". Then it throws
    IOException with a message "Exception flushing HTTP log file. (Bad file
    descriptor)." when it tries to flush content of logfile to the disk.
    After that WebLogic server stops to write to access.log.
    Is it possible to rotate access.log in extended format?
    Thanks,
    Andrzej Derlacki
    Infovide, Poland

    i am pasting the entries below which i see in the log( access_log ) . I don't see DEBUG in them.
    <AGENT_IP_ADDRESS> - - [29/Jun/2007:09:48:23 -0400] "GET /em/upload?ACTION=HEARTBEAT&EMD_URL=https%3a%2f%2flph010%2egep%2ege%2ecom%3a3872%2femd%2fmain%2f&HEARTBEAT_TIME=2007-06-29+09%3a40%3a09&OUTSTANDING_SEVS=FALSE&EMD_UPTIME=2007-06-18+10%3a20%3a23&OLDEST_COLL_TIME=2007-06-29+09%3a40%3a09&INSTALL_TYPE=agent&X-ORCL-EMOV=4%2e0%2e0&X-ORCL-EMCV=10%2e2%2e0%2e1%2e0&X-ORCL-EMSV=10%2e2%2e0%2e1%2e0 HTTP/1.1" 200 5
    <AGENT_IP_ADDRESS>- - [29/Jun/2007:09:48:23 -0400] "GET /em/upload?ACTION=HEARTBEAT&EMD_URL=https%3a%2f%2fprdes%2eeur%2egep%2ege%2ecom%3a3872%2femd%2fmain%2f&HEARTBEAT_TIME=2007-06-29+15%3a48%3a23&OUTSTANDING_SEVS=FALSE&EMD_UPTIME=2007-06-18+18%3a27%3a33&OLDEST_COLL_TIME=2007-06-29+15%3a48%3a23&INSTALL_TYPE=agent&X-ORCL-EMOV=4%2e0%2e0&X-ORCL-EMCV=10%2e2%2e0%2e1%2e0&X-ORCL-EMSV=10%2e2%2e0%2e1%2e0 HTTP/1.1" 200 5
    <AGENT_IP_ADDRESS> - - [29/Jun/2007:09:48:24 -0400] "GET /em/upload?ACTION=HEARTBEAT&EMD_URL=https%3a%2f%2fug038%2egep%2ege%2ecom%3a3872%2femd%2fmain%2f&HEARTBEAT_TIME=2007-06-29+22%3a19%3a35&OUTSTANDING_SEVS=FALSE&EMD_UPTIME=2007-06-18+18%3a37%3a03&OLDEST_COLL_TIME=2007-06-29+22%3a19%3a35&INSTALL_TYPE=agent&X-ORCL-EMOV=4%2e0%2e0&X-ORCL-EMCV=10%2e2%2e0%2e1%2e0&X-ORCL-EMSV=10%2e2%2e0%2e1%2e0 HTTP/1.1" 200 5

  • Change Date Format in iplanet Access logs

    Hi,
    We are currently using iplanet web server. The default date format in the access logs is dd/mmm/yyyy:HH:MM:SS GMT. How can we change this format to yyyy/mm/dd:HH:MM:SS GMT.
    Thanks in advance

    Sorry, I don't know enough about web server to answer you.

  • Change Date Time format in Iplanet Access logs

    Hi,
    We are currently using iplanet web server. The default date format in the access logs is dd/mmm/yyyy:HH:MM:SS GMT. How can we change this format to yyyy/mm/dd:HH:MM:SS GMT.

    You should not change this format. The default date format complies with the "common log format" which is readable by many log analysis tools.
    That said, if you still want to change the date format, you can replace %SYSDATE% with %LOCALEDATE% in your flex-init line. LOCALEDATE will cause the WS to use the date format set by your OS.

  • Access.log separator character is tab (tabulation in french) would like to have space and date format

    Hi, I'm French (excuse me for my bad English)
    I work with WebLogic v.12C
    I manage to produce the access.log rotating daily with several pieces of information (IP, status ...)
    1) I have a problem: the different information present in the file access.log is separated by a tab (tabulation). I would like to have a space separator ' '!
    Is it possible? How can I do it?
    2) The date present in the access.log file is currently like this: dd/MM/YYYY (elf-fields -> date) hh:mm:ss (elf-fields -> time)
    dd/MM/YYYY and hh:mm:ss are separated by a tab (tabulation)
    I would like to have this format: dd/MM/YYYY hh:mm:ss (a space separator). What do I have to put in elf-fields to do so?
    Or I would like to have this format: [dd/mon/yyyy:hh:mm:ss +0000]. How can I do that, what do I have to put in elf-fields to do so?
    Remarks:
    -> On the web I read this:
    The Common Log Format is the default log format used by WebLogic..
    ... remotehost RFC931 authuser [day/month/year:hour:minute:second  UTC_offset] "request" status bytes
    When I put that in elf-fields: [dd/MM/YYYY:hh:mm:ss] it doesn't "work", I have - in my access.log file in place of the date.
    -> First line of my access.log file:
    Format : Extended
    Extended Logging Format Fields : date time cs-method cs-uri sc-status time-taken cs(user-agent)
    Thanks in advance for your help.


  • How to turn off  "DEBUG SOURCE=cs Setting status to 304 for file="  in access.log

    I see this entry in the log file every few seconds. How can I turn this OFF? I
    can set the EnableLogfile to false but then I don't get any logs. We are running
    WLS 5.1.
    Regards,
    Pat.

    Pat:
    I don't see this string appearing anywhere in the src in any version of the
    510 line (all SPs included).
    What version of 5.1? i.e. what SP?
    Are you using extended log format? Did a developer write a custom elf logger
    package?
    What are the ELF headers at the top of the access.log?
    Cheers
    mbg
    "Pat" wrote in message:
    > I see this entry in the log file every few seconds. How can I turn this OFF? I
    > can set the EnableLogfile to false but then I don't get any logs. We are running
    > WLS 5.1.
    > Regards,
    > Pat.

  • Custom ELF Displays ' - ' in Extended access log

    I am trying to capture some pretty basic custom fields in the extended access log.
    I have created the appropriate class files and formatted the access.log correctly.
    I know this because when I run Web Logic 6.1 on my windows desktop the Extended
    Access Logs displays the values correctly.
    When I move the JAR file containing the ELF Classes to a SunOS server with Web
    Logic 6.1 the Extended Access Log contains only '-' for the custom fields. I ran
    some JSP files on the sun server to pull the values from the Request to make sure
    they were not null. They display correctly on the JSP so I know the values exist
    within the request.
    The mystery is why won't they display in the access.log on the sun machine? Has
    anyone else experienced this? Are there any settings I should be checking for on
    the sun servers console?
    Facts:
    * The classes are correct because they display correctly on the windows machine
    * The request on the sun server contains my ELF values because I can print them
    on a jsp page
    * The JAR file which contains the ELF classes is sitting outside of the application
    and loads in the classpath successfully. (I know this because I had it wrong and
    couldn't start the server)
