Log Configuration and iChain
Novell Cool Solutions: Feature
By Timothy Loveridge
Digg This -
Posted: 8 Nov 2006
A Forum reader asked this question:
"I run a web-log analysis service. Typically, I am getting IIS and Websphere logs to my analysis server via FTP. Recently, I have been given a request to analyze logs from an iChain server. I believe the server has six different accelerators, with four acting as a load-balance for a single domain.
I want to determine how to get the different iChain accelerators to FTP their logs to my analysis server. Does anyone have any advice on where I can find information on how to move iChain logs via FTP to a different server?
Amd here's the answer form Novell's Timothy Loveridge ...
The settings you want to work with are "FTP Log Push". If you're in the GUI, there is an "FTP Log Push" button in the Log Options screen of your accelerator configuration. While these settings are available from each individual accelerator, they are global settings. Once you have configured Log Push, it is active for the entire system and all accelerators.
The configuration of the FTP Log Push service itself is pretty simple. The settings are:
- Host Server: Destination FTP server
- Login Name: Username on the FTP server. This user must have rights to create both files and directories on the FTP server.
- Password: Password of the user on the FTP server.
- Default Directory: Top level directory that will receive all logs. If this directory doesn't exist, iChain will create it. (I typically create a directory for each of the iChain boxes individually, so log files for each of the accelerator configurations will not be overwritten by another iChain box's logs.)
- IP Address: The address iChain will use as the source IP when pushing logs. (I typically use the same IP address that I connect to for administration purposes.)
- Delete log files from iChain proxy server after push: Check this box if you want to have the files removed from iChain after a successful push. If this is not checked, log files will remain on the iChain box indefinitely, or will be removed according to your configured log rotation rules. (All logs on the box will be pushed each time, essentially just overwriting files of the same name on the FTP server. Removing files after they are pushed cuts down on unnecessary traffic.)
- Push logs when the logs rollover: Check this box if you want iChain to push the logs according to the rules you have configured for log rotation. If this box is checked, you are not able to select the days and time of the log push.
- Days to push the logs: Available only if not pushing logs on rollover. Check each day that you want log push to happen.
- Time to push the logs: Available only if not pushing logs on rollover. Select the time of day you want log push to happen. You can also select whether this time will be the local time or GMT time. Log types: Select the types of log files to push. Make sure that "Accelerator" is selected if you want your logs to push. (Forward and Cluster look to be "left over" options from the Volera Excelerator from which iChain was spawned years ago. iChain does not offer Forward proxy or Clustered proxy service.)
That's all there is to it. It is important to note that iChain uses ACTIVE FTP to communicate with the FTP server. You will need to make sure that any firewalls between the iChain box and the FTP server are configured properly to allow an Active FTP session through.
There is a "Log push result" box on this screen that can be checked for the status of the last log push attempt. If this box is blank after your scheduled log push time, it's possible that you have a communication problem between iChain and the FTP server, which doesn't allow for Active FTP. Otherwise, you should see either a success or failure message with the time of the attempt.
When Active FTP is not working properly, you will likely see that the directory structure is created successfully on the FTP server, and that a 0 byte file has been created in one of the reverse accelerator directories. Traces taken at the time of the push will confirm whether this is the case. If there is a problem with Active FTP, iChain will not time-out the current FTP Push attempt, and the box will need to be restarted before another attempt will be made.
This should be everything you need to push logs successfully from iChain.
Each iChain box only knows about its own accelerators. It has no idea that any other iChain boxes even exist. The directory you configure in the Default Directory setting is essentially the root directory for that iChain box (not all iChain boxes in your setup).
Each accelerator configuration gets its own directory in the structure. All log files for that accelerator reside in the same directory. So if you have one accelerator that is load balancing four separate origin servers, there is still one log directory for that accelerator.
If you have four separate iChain boxes, each having an accelerator for mydomain.gov, then each box should be configured with a separate Default Directory, which will contain the logs from that box.
If you have four iChain boxes with six accelerators (one accelerator being common on all four boxes), you could set things up something like this:
Default Directory configuration for: iChain1: logs/ichain1 iChain2: logs/ichain2 iChain3: logs/ichain3 iChain4: logs/ichain4
Then the structure on the FTP server would be something like this:
+logs -+ichain1 --+reverse ---+extended ----+mydomain ----+otheracc -+ichain2 --+reverse ---+extended ----+mydomain ----+otheracc -+ichain3 --+reverse ---+extended ----+mydomain -+ichain4 --+reverse ---+extended ----+mydomain
This is with iChain1 and iChain2 having the common accelerator (mydomain) and one other accelerator (otheracc), and iChain3 and iChain4 each having only the mydomain accelerator.
If you were to configure all accelerators with a Default Directory of "logs" instead of "logs/ichainx", then all accelerators would be using the same path for each of the accelerators, with any similarly named accelerators using the same directory, each overwriting the logs of the other. Essentially, all you'd have at the end of the day in the "mydomain" directory would be the logs from the last iChain box to push.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com