Web Server Access Log
  • 10 Jul 2024

This guide explains how to use the Web Server Access Log, a commonly used log file that records the calls made to the web server within Itential Automation Platform (IAP).

You will need to access the Profile application within Admin Essentials. Navigate to IAP > Admin Essentials > Profile. For more information, see Profiles.

Common Log Format

Each entry in the Web Server Access Log is a stringified JSON object in which each key maps to a part of the Common Log Format. Because the entry is JSON, the ordering of the keys is not guaranteed. The keys are listed below in the order their values appear in a traditional Common Log Format line.

| Key | Description |
|-----|-------------|
| remote_addr | The IP address where the request comes from. |
| remote_user | The username within IAP that made the request. If the user is not authenticated, a value of anon will be used instead. |
| date | The date the request was made in the Common Log Format. |
| method | The HTTP method of the request (GET, PUT, POST, or DELETE). |
| url | The URL path used by the request. |
| http_version | The HTTP version used to make the request. |
| status | The status code returned as a response. |
| result_length | The size of the response data in bytes. If this cannot be parsed, a value of "-" will be used instead. |

Configuration

The Web Server Access Log currently has two different configurable properties that can be edited within an IAP profile by updating loggerProps in the Profile Properties. Both properties can be found in the webserver section of the Configure tab. Example input is shown in the figure below.

| Property | Description |
|----------|-------------|
| log_directory | The file path to the directory where the access logfile will be stored. |
| log_filename | The exact name for the web server access logfile that will be created and used to store all access logs. It will be located within the log_directory specified. |


Figure 1: Profile Properties

Log Rotation

There is no automatic log rotation built into the Web Server Access Log which means that configuring an external log rotator is very important. One very useful tool to accomplish this is logrotate, a Linux tool that can automatically rotate a log file based on configured parameters. It can be installed simply by using your package manager and running:

RHEL/CentOS

    yum install logrotate

Verify that logrotate is installed, and then check the configuration file, which for this example will be at /etc/logrotate.conf. There may be other ways to handle configuration such as inside the /etc/logrotate.d/ folder. The following is an example configuration where the webserver logfile is named webserver.log and is located at /var/log/pronghorn.

    /var/log/pronghorn/webserver.log {
      rotate 10
      size 10M
      nocompress
    }

In the above example, the logs will be rotated a maximum of 10 times before the old log files are deleted. The logs are rotated only when their size exceeds 10 megabytes, as specified by 10M in the configuration file. Finally, logrotate will not compress files when it rotates them, as defined by nocompress, which it would otherwise do automatically if not specified.

Below is another possible configuration file:

    /var/log/pronghorn/webserver.log {
      weekly
      rotate 20
      postrotate
          echo Hello World
      endscript
    }

In this example, the logs will rotate weekly instead of rotating based on any fixed size. It will also rotate a maximum of 20 times. Finally, there is a postrotate script included, which means that in this case, any time the logs are rotated it will echo Hello World to the console. It may be useful to configure a custom script to run whenever logs rotate.

Running this command will start the log rotation:

    logrotate /etc/logrotate.conf

If you wish to force a rotation immediately, even when the various initiators of a rotation such as file size have not been met, run the following command:

    logrotate -f /etc/logrotate.conf

Querying Log Files

The log files can be queried using basic command line tools such as grep to search the file for a given pattern.

Using GREP or Similar Command Line Tools

If a user wanted to find any API requests made by a user named admin for the log file named webserver.log, they could use the following command:

    grep '"remote_user":"admin"' webserver.log

In order to retrieve all the times a user has made a request to a specific route, such as GET /health/system for example, they could use the following command:

    grep -E '"url":"/health/system"' webserver.log | grep '"method":"GET"'

There are many other ways grep and similar command line tools can be used to query information from the JSON logs. Since all data values are preceded by a key, such as url or remote_user, it is possible to do standard queries on any value.
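The same queries can be run on parsed fields instead of text patterns, which does not depend on key order and lets you aggregate, for example counting 401/403 responses per source. This Python sketch is an added example, not Itential's code; the sample lines, the timestamp layout, and the assumption that status may arrive as a number or a string are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample lines (not real IAP output); key order varies on purpose.
SAMPLE_LOG = """\
{"remote_addr":"10.0.0.5","remote_user":"admin","date":"10/Jul/2024:13:55:36 +0000","method":"GET","url":"/health/system","http_version":"1.1","status":200,"result_length":512}
{"status":401,"url":"/login","method":"POST","remote_user":"anon","remote_addr":"203.0.113.9","date":"10/Jul/2024:13:56:01 +0000","http_version":"1.1","result_length":"-"}
{"remote_addr":"203.0.113.9","remote_user":"anon","date":"10/Jul/2024:13:56:02 +0000","method":"POST","url":"/login","http_version":"1.1","status":"401","result_length":"-"}
{"remote_addr":"10.0.0.5","remote_user":"admin","date":"10/Jul/2024:13:57:10 +0000","method":"DELETE","url":"/health/system","http_version":"1.1","status":403,"result_length":41}
this line is truncated {"remote_addr":
"""

def parse_line(line):
    """Return a normalised record, or None if the line is not a usable entry."""
    try:
        rec = json.loads(line)
        if not isinstance(rec, dict):
            return None
        rec["status"] = int(rec["status"])  # assumption: int or numeric string
        size = rec.get("result_length", "-")
        rec["result_length"] = None if size == "-" else int(size)
        # Assumed Common Log Format timestamp layout.
        rec["date"] = datetime.strptime(rec["date"], "%d/%b/%Y:%H:%M:%S %z")
        return rec
    except (ValueError, KeyError, TypeError):
        return None  # truncated or malformed line, e.g. cut off mid-write

def parse_log(text):
    """Parse every line and drop the ones that could not be read."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [rec for rec in parsed if rec is not None]

def requests_by(records, **fields):
    """Field-based equivalent of the chained greps, independent of key order."""
    return [r for r in records if all(r.get(k) == v for k, v in fields.items())]

def denied_by_source(records):
    """Count 401/403 responses per (remote_addr, remote_user)."""
    return Counter((r.get("remote_addr"), r.get("remote_user"))
                   for r in records if r["status"] in (401, 403))

if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print(requests_by(records, remote_user="admin", method="GET", url="/health/system"))
    print(denied_by_source(records).most_common())
```
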

Using Third-Party Visualization Tools

The log format used by the access log should work with various third-party tools which support a standard JSON log format. These can be used for more advanced queries or visualization of logging information.

