IBM Support

HTTP access logging

News


Abstract

HTTP access log contains a record of all inbound client requests handled by HTTP endpoints. You can enable access logging in the IWS server.

Content

What is it?

An HTTP access log contains a record of all inbound client requests handled by HTTP endpoints. You can enable access logging in the IWS server by navigating to the HTTP Access Log tab as follows: Server Properties -> Logging, then selecting the HTTP Access Log tab as shown in the following figure:
image 12633
  • HTTP access logging. Specifies whether to enable or disable application server HTTP access logging.
  • Log file path. Directory path and name of the access log file.
  • Maximum log files. Maximum number of log files that will be kept before the oldest file is removed; a value of 0 means no limit.
  • Maximum log file size. Maximum size of a log file, in megabytes, that a log file can reach before being rolled over; a value of 0 means no limit.
  • HTTP access log format. Specifies the log format that is used when logging client access information. The value for this property is a space-separated list of options. The order that you specify the options determines the format of this information in the log.


    Each option can be enclosed in quotation marks, but the quotation marks are not required. Unless otherwise noted, a value of '-' is printed for an option if the requested information cannot be obtained for that option.

    The Following list indicates the available options and the information that is printed if that option is specified as part of the value specified for this property.

    %a
    Remote address.

    %A
    Local IP address.

    %b
    Response size in bytes excluding headers.

    %B
    Response size in bytes excluding headers. The number 0 is printed instead of dash (-) if no value is found.

    %{CookieNmae}C or %C
    The request cookie specified within the brackets, or if the brackets are not included, prints all of the request cookies.

    %D
    The elapsed time of the request - millisecond accuracy, microsecond precision.

    %h
    Remote host.

    %{HeaderName}i
    The header name specified within the brackets from the request.

    %m
    Request method.

    %{HeaderName}o
    The header name specified within the brackets from the response.

    %q
    Output the query string with any password escaped.

    %r
    First line of the request.

    %{R}W
    Service time of the request from the moment the request is received until the first set of bytes of the response is sent - millisecond accuracy, microsecond precision. The %{R}W option is often a good approximation for application response time (as compared to %D, which is end-to-end response time including client and network).

    %s
    Status code.

    %t
    NCSA format of the start time of the request.

    %{t}W
    The current time when the message to the access log is queued to be logged in normal NCSA format.

    %u
    Remote user according to the WebSphere Application Server specific $WSRU header.

    %U
    URL Path, not including the query string.

Why use it?

Logs are granular, timestamped, complete, and immutable records of application events that can be used for troubleshooting and debugging purposes.
HTTP access logs record information about all requests handled by a web server. The access log is highly configurable, and you define the contents and format of the access log. The log can include information about the IP address of the client making the request, user ID of the person making the request (determined by the HTTP authentication), timestamp when the request was received, the request line, and so on.
Assuming you have an HTTP Server in front of your integrated web services server and that all requests go through the HTTP Server, you can configure access logging for the HTTP Server from the Web Administration GUI.
Logs should be periodically analyzed to ensure no unusual activity is taking place.  For example, if you have 100,000 requests in an hour from one specific IP address.
Logs can also be used to detect API problems, performance or otherwise.  Finally, and most importantly, logging allows one to backtrack and do forensic analysis when an intrusion is detected.
 

Availability

The support is enabled in the following HTTP group PTFs and PTFs:

V7R3M0 SF99722 Level 38
V7R4M0 SF99662 Level 19

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW1A1","label":"IBM Power Systems"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
27 March 2022

UID

ibm16566801