BorderManager Logging Configuration
Novell Cool Solutions: Feature
By Marcus Williamson
Posted: 10 Jun 2002
Marcus Williamson shared several deployment documents he has written for clients, and has graciously allowed us to excerpt sections that we think will be of interest to you. Here's an excellent overview of how to configure BorderManager Logging.
Configuration for BorderManager logging is carried out by highlighting the "Proxy Cache Services" service and double-clicking, as can be seen in this screenshot:
The following text is displayed:
This indicates that logging has been enabled for HTTP using the "common" log format and that a log level of 1 is currently being used. The log levels are defined by Novell in the BorderManager Help file, for BorderManager 2.1, as follows:
1 - Internet access information. The server records the user's fully distinguished Novell Directory Service* (NDS*) name, the access protocol (HTTP, for example), and the destination (www.novell.com, for example).
2 - Error codes (NDS errors, for example). Level 2 information can help you determine why a user cannot access a particular service.
3 - Debugging information (internal server communications, such as socket calls). Level 3 information is typically of interest only to software developers.
When logging has been enabled and the BorderManager Proxy reloaded, the BorderManager server creates one log file per day in the directory:
The files are named in the format:
Be aware that log files can become extremely large. At one government installation, testing showed that on average each daily log file was around 50-60 megabytes in size. If your SYS volume is not large enough to accommodate your log files, you should move them from the SYS volume to the DATA volume on a weekly basis. You could create a directory named something like DATA:LOGS for this purpose.
As the log files are so large, it is not recommended that they be browsed manually, although this method can be used if looking for specific events.
Instead, it is recommended that a log file analyser package be used. Some examples of available log file analysers are:
- Analog
- BRDSTATS
- WebTrends for Firewalls and VPNs
Analog is a free tool available at: http://www.analog.cx/
The program generates an HTML-based report containing a summary of Proxy use.
To run ANALOG, modify the ANALOG.CFG file to contain the appropriate parameters, then run ANALOG.EXE. The only parameter which normally requires changing is the LOGFILE location:
BRDSTATS is a free tool available in our Cool Tools section.
To use BRDSTATS, copy the file into the log file directory, then go to a DOS prompt and type:
BRDSTATS creates an HTML file containing a summary of statistics for each day of BorderManager operation, as well as the file INDEX.HTM, which acts as a "table of contents" for the reports produced.
WebTrends Firewall Suite
An evaluation version of the "WebTrends Firewalls Suite" software, previously known as "WebTrends for Firewalls and VPNs", can be obtained from the WebTrends web site at http://www.webtrends.com/
This software provides analysis of the BorderManager "Common" log files, producing a web page of statistics and graphs which can be printed or published on your intranet.
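As an added example (not part of the original article, and not code from any of the tools above), this Python script produces the kind of per-user summary an analyser derives from a "common" format proxy log, and lists denied requests for when you are looking for specific events. The sample lines are constructed, and it assumes the authenticated-user field carries the NDS name and that denied requests are logged with status 403.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>.+?) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$')

# Constructed sample lines; assumption: authuser holds the NDS name (may contain spaces).
SAMPLE = '''\
10.1.1.20 - .jsmith.sales.acme [10/Jun/2002:09:15:02 +0100] "GET http://www.novell.com/ HTTP/1.0" 200 18432
10.1.1.20 - .jsmith.sales.acme [10/Jun/2002:09:15:09 +0100] "GET http://www.novell.com/logo.gif HTTP/1.0" 304 -
10.1.1.31 - .Anne Brown.hr.acme [10/Jun/2002:09:16:40 +0100] "GET http://blocked.example/ HTTP/1.0" 403 512
10.1.1.44 - - [10/Jun/2002:09:17:00 +0100] "CONNECT secure.example:443 HTTP/1.0" 200 2048
this line is truncated or corrupt
'''

def destination(request):
    """Return the target host of a proxy request line, or None."""
    parts = request.split()
    if len(parts) < 2:
        return None
    if parts[0].upper() == "CONNECT":        # CONNECT carries host:port, no scheme
        return parts[1].rsplit(":", 1)[0].lower()
    return urlsplit(parts[1]).hostname       # None for a non-absolute target

def summarise(lines):
    """Aggregate requests, bytes and denied (403) requests per user."""
    report = {"requests": Counter(), "bytes": Counter(), "hosts": Counter(),
              "denied": defaultdict(list), "malformed": 0}
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            report["malformed"] += 1         # count bad lines, never drop silently
            continue
        user = "(unauthenticated)" if m["user"] == "-" else m["user"]
        host = destination(m["request"]) or "(unknown)"
        report["requests"][user] += 1
        report["bytes"][user] += 0 if m["size"] == "-" else int(m["size"])
        report["hosts"][host] += 1
        if m["status"] == "403":             # assumption: denials are logged as 403
            report["denied"][user].append(host)
    return report

if __name__ == "__main__":
    r = summarise(SAMPLE.splitlines())
    for user, n in r["requests"].most_common():
        print(user, n, r["bytes"][user], r["denied"].get(user, []))
```

To run it against a real daily log, pass the open file object to `summarise()` in place of the constructed sample.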
For More Information
Further information can be found in the AppNote "Understanding BorderManager HTTP Proxy Logs", by Marcus Williamson, Novell Research AppNotes, January 2002.
This AppNote relates specifically to BorderManager 3.x, but provides valuable background information on logging and reporting which also applies to BorderManager 2.x.