Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Creating summary log files
Help | Content Gateway | Version 8.1.x
Content Gateway performs several hundred operations per second; therefore, event log files can grow quite large. Using SQL-like aggregate operators, you can configure Content Gateway to create summary log files that summarize a set of log entries over a specified period of time. This can reduce the size of the log files generated.
You generate a summary log file by creating a LogFormat object in the XML-based logging configuration file (logs_xml.config) using the following SQL-like aggregate operators:
*
*
*
*
*
You can apply each of these operators to specific fields, requesting it to operate over a specified interval.
Summary log files represent a trade-off between convenience and information granularity. Since you must specify a time interval during which only a single record is generated, you can lose information. If you want the convenience of summary logs and need the detail of a conventional log file, consider creating and enabling two custom log formats—one using aggregate operators and the other not using aggregate operators.
To create a summary log file format:
1.
Navigate to Configure > Subsystems > Logging > Custom to display the logs_xml.config file.
2.
<LogFormat>
<Name = "summary"/>
<Format = "%<operator(field)> : %<operator(field)>"/>
<Interval = "n"/>
</Format>
where:
operator is one of the five aggregate operators (COUNT, SUM, AVERAGE, FIRST, LAST). You can specify more than one operator in the format line.
field is the logging field that you want to aggregate.
n is the interval in seconds between summary log entries.
For more information, see logs_xml.config.
For example, the following format generates one entry every 10 seconds, with each entry summarizing the time stamp of the last entry of the interval, a count of the number of entries seen within that 10-second interval, and the sum of all bytes sent to the client:
<LogFormat>
<Name = "summary"/>
<Format = "%<LAST(cqts)> : %<COUNT(*)> : %<SUM(psql)>"/>
<Interval = "10"/>
</Format>
 
Important 
3.
Define a LogObject that uses this format.
4.
Click Apply.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2016 Forcepoint LLC. All rights reserved.