Creating summary log files
Help | Content Gateway | Version 8.3.x
Content Gateway performs several hundred operations per second; therefore, event log files can grow quite large. Using SQL-like aggregate operators, you can configure Content Gateway to create summary log files that summarize a set of log entries over a specified period of time. This can reduce the size of the log files generated.
You generate a summary log file by creating a LogFormat object in the XML-based logging configuration file (logs_xml.config) using the following SQL-like aggregate operators:
COUNT
SUM
AVERAGE
FIRST
LAST
You can apply each of these operators to specific fields, requesting it to operate over a specified interval.
Summary log files represent a trade-off between convenience and information granularity. Since you must specify a time interval during which only a single record is generated, you can lose information. If you want the convenience of summary logs and need the detail of a conventional log file, consider creating and enabling two custom log formats—one using aggregate operators and the other not using aggregate operators.
To create a summary log file format:
1. Navigate to Configure > Subsystems > Logging > Custom to display the logs_xml.config file.
2. Define the format of the log file as follows:
<LogFormat>
  <Name = "summary"/>
  <Format = "%<operator(field)> : %<operator(field)>"/>
  <Interval = "n"/>
</LogFormat>
where:
operator is one of the five aggregate operators (COUNT, SUM, AVERAGE, FIRST, LAST). You can specify more than one operator in the format line.
field is the logging field that you want to aggregate.
n is the interval in seconds between summary log entries.
For more information, see logs_xml.config.
For example, the following format generates one entry every 10 seconds, with each entry summarizing the time stamp of the last entry of the interval, a count of the number of entries seen within that 10-second interval, and the sum of all bytes sent to the client:
<LogFormat>
  <Name = "summary"/>
  <Format = "%<LAST(cqts)> : %<COUNT(*)> : %<SUM(psql)>"/>
  <Interval = "10"/>
</LogFormat>
Important
You cannot create a format specification that contains both aggregate operators and regular fields. For example, the following specification would be invalid:
<Format = "%<LAST(cqts)> : %<COUNT(*)> : %<SUM(psql)> : %<cqu>"/>
3. Define a LogObject that uses this format.
4. Click Apply.
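The following Python sketch is an added illustration, not Content Gateway code. It models what the example format above records for each interval and rejects a format that mixes aggregate operators with regular fields. The function names, the sample entries, and the alignment of intervals to multiples of n are assumptions made for the example; note that per-request values such as cqu do not survive into the summary lines.

```python
import re
from collections import defaultdict

AGG_OPS = {"COUNT", "SUM", "AVERAGE", "FIRST", "LAST"}
# %<OP(field)> is an aggregate token, %<field> is a regular field.
TOKEN = re.compile(r"%<(?:(\w+)\(([^)]*)\)|(\w+))>")

def parse_format(fmt):
    """Return the (operator, field) pairs in fmt; reject mixed or unknown tokens."""
    aggregates, regular = [], []
    for op, field, plain in TOKEN.findall(fmt):
        if plain:
            regular.append(plain)
        elif op in AGG_OPS:
            aggregates.append((op, field))
        else:
            raise ValueError(f"unknown aggregate operator: {op}")
    if aggregates and regular:
        raise ValueError(f"regular fields {regular} mixed with aggregate operators")
    return aggregates

def aggregate(op, field, rows):
    """Apply one operator to one field over the entries of a single interval."""
    if op == "COUNT":
        return len(rows)
    values = [row[field] for row in rows]
    if op == "SUM":
        return sum(values)
    if op == "AVERAGE":
        return sum(values) / len(values)
    return values[0] if op == "FIRST" else values[-1]

def summarize(entries, fmt, interval):
    """Emit one summary line per interval that contains at least one entry."""
    if not parse_format(fmt):
        raise ValueError("format has no aggregate operators")
    buckets = defaultdict(list)
    for entry in entries:  # assumption: windows aligned to multiples of interval
        buckets[entry["cqts"] // interval].append(entry)
    return [TOKEN.sub(lambda m: str(aggregate(m[1], m[2], buckets[key])), fmt)
            for key in sorted(buckets)]

# Constructed sample entries (cqts in epoch seconds, psql in bytes).
SAMPLE = [
    {"cqts": 1000, "psql": 512, "cqu": "http://a.example/"},
    {"cqts": 1004, "psql": 2048, "cqu": "http://b.example/"},
    {"cqts": 1009, "psql": 100, "cqu": "http://a.example/x"},
    {"cqts": 1012, "psql": 4096, "cqu": "http://c.example/"},
]
FMT = "%<LAST(cqts)> : %<COUNT(*)> : %<SUM(psql)>"
```
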
Copyright 2016 Forcepoint LLC. All rights reserved.