Monitoring HTTP Access Logs¶
HTTP access logs help you monitor your application's usage with information such as the persons who access it, how many hits it received, what the errors are, etc. This information is useful for troubleshooting errors.
In API Manager, access logs can be configured for both servlet transport and PassThrough or NIO transports in API Gateway.
Configuring access logs for the HTTP Servlet transport¶
In WSO2 API Manager, the access logs can be generated for HTTP servlet transport which works on 9443/9763 default ports. HTTP servlet transport access logs are useful for analyzing operational/admin-level access details.
In the API Manager, access logs of applications get recorded or written into the <APIM_HOME>repository/logs/http_access_.log
file. The following config enables a new valve that allows logs to get written into the <APIM_HOME>repository/logs/wso2carbon.log
or any other log file and show up on the console.
-
Open the
/repository/conf/deployment.toml file. -
Add the following configuration.
[http_access_log] enabled = true
-
Restart the server.
Following is a sample of access log entries which can be monitored via <API-M_HOME>/repository/logs/http_access_.log
file by default.
- 127.0.0.1 - - [12/Dec/2019:16:53:29 +0530] "POST /token HTTP/1.1" - 125 "-" "-"
- 127.0.0.1 - [12/Dec/2019:16:53:29 +0530] "- - " 200 - "-" "-"
- 127.0.0.1 - - [12/Dec/2019:16:53:29 +0530] "POST /oauth2/token HTTP/1.1" - - "-" "Synapse-PT-HttpComponents-NIO"
- 127.0.0.1 - [12/Dec/2019:16:53:29 +0530] "- - " 200 - "-" "-"
- 127.0.0.1 - - [12/Dec/2019:16:54:38 +0530] "OPTIONS /pizzashack/1.0.0/menu HTTP/1.1" - - "https://localhost:9443/devportal/apis/462a90a2-9f2b-423f-9f58-28b95c30a184/test" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 127.0.0.1 - [12/Dec/2019:16:54:38 +0530] "- - " 200 - "-" "-"
- 127.0.0.1 - - [12/Dec/2019:16:54:38 +0530] "GET /pizzashack/1.0.0/menu HTTP/1.1" - - "https://localhost:9443/devportal/apis/462a90a2-9f2b-423f-9f58-28b95c30a184/test" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
- 127.0.0.1 - - [12/Dec/2019:16:54:38 +0530] "GET /am/sample/pizzashack/v1/api/menu HTTP/1.1" - - "https://localhost:9443/devportal/apis/462a90a2-9f2b-423f-9f58-28b95c30a184/test" "Synapse-PT-HttpComponents-NIO"
As the runtime of WSO2 API Manager is based on Apache Tomcat, you can use the Access_Log_Valve
variable in Tomcat as explained below to configure access logs to the HTTP servlet transport.
Configuring access logs for PassThrough or NIO transports in API Gateway¶
By default, access logs related to service/API invocation are disabled for performance reasons in the above products. You should enable these access log only for troubleshooting errors.
Follow the steps given below to enable access logs for the PassThrough or NIO transport.
-
Open
<API-M_HOME>/conf/log4j2.properties
file and add following configuration forPassThroughAccess
logger.logger.PassThroughAccess.name = org.apache.synapse.transport.nhttp.access logger.PassThroughAccess.level = DEBUG logger.PassThroughAccess.appenderRef.PassThroughAccess_LOGFILE.ref = PassThroughAccess_LOGFILE logger.PassThroughAccess.additivity = false
-
Append
PassThroughAccess
logger name tologgers
configuration, which is a comma-separated list of all active loggers.loggers = PassThroughAccess, AUDIT_LOG, SERVICE_LOGGER, trace-messages,
-
Add following configuration for
PassThroughAccess_LOGFILE
log file.appender.PassThroughAccess_LOGFILE.type = RollingFile appender.PassThroughAccess_LOGFILE.name = PassThroughAccess_LOGFILE appender.PassThroughAccess_LOGFILE.fileName =${sys:carbon.home}/repository/logs/http_gw.log appender.PassThroughAccess_LOGFILE.filePattern =${sys:carbon.home}/repository/logs/http_gw-%d{yyyy-MM-dd}-%i.log appender.PassThroughAccess_LOGFILE.layout.type = PatternLayout appender.PassThroughAccess_LOGFILE.layout.pattern = %msg%n appender.PassThroughAccess_LOGFILE.policies.type = Policies appender.PassThroughAccess_LOGFILE.policies.time.type = TimeBasedTriggeringPolicy appender.PassThroughAccess_LOGFILE.policies.time.interval = 1 appender.PassThroughAccess_LOGFILE.policies.time.modulate = true appender.PassThroughAccess_LOGFILE.policies.size.type = SizeBasedTriggeringPolicy appender.PassThroughAccess_LOGFILE.policies.size.size=100kB appender.PassThroughAccess_LOGFILE.strategy.type = DefaultRolloverStrategy appender.PassThroughAccess_LOGFILE.strategy.max = 20 appender.PassThroughAccess_LOGFILE.filter.threshold.type = ThresholdFilter appender.PassThroughAccess_LOGFILE.filter.threshold.level = DEBUG
Note
In order to customize log pattern use,
access_log_pattern
configuration mentioned in step 5. -
Append
PassThroughAccess_LOGFILE
appender name toappenders
configuration.appenders = PassThroughAccess_LOGFILE, CARBON_CONSOLE, CARBON_LOGFILE,..
-
Create a file named
access-log.properties
in<API-M_HOME>/repository/conf/
location with the following configuration and customize it as required.Warning
All the supported options are in the following file. Therefore, make sure to uncomment the required options to enable them as required.
Note
If you are taking Passthrough access logs from log4j configurations as discussed above, use
access_log_enable
parameter to disable writing logs to a custom log file.# Default access log pattern #access_log_pattern=%{X-Forwarded-For}i %h %l %u %t \”%r\” %s %b \”%{Referer}i\” \”%{User-Agent}i\” # combinded log pattern #access_log_pattern=%h %l %u %t \”%r\” %s %b \”%{Referer}i\” \”%{User-Agent}i\” access_log_pattern=time=%t remoteHostname=%h localPort=%p localIP=%A requestMethod=%m requestURL=%U remoteIP=%a requestProtocol=%H HTTPStatusCode=%s queryString=%q # common log pattern #access_log_pattern=%h %l %u %t \”%r\” %s %b # file prefix access_log_prefix=http_gw # file suffix access_log_suffix=.log # file date format access_log_file_date_format=yyyy-MM-dd #access_log_directory=”/logs” # enable or disable access logging to a custom file access_log_enable=false
You can customize the default format and the configurations of gateway access logs using the following properties that you can define in
access-log.properties
.access_log_directory Add this property ONLY if you want to change the default location of the log file. By default, the product is configured to store access logs in the <APIM_HOME>/repository/logs
directory.access_log_prefix access_log_suffix access_log_file_date_format access_log_pattern The attribute defines the format for the log pattern, which consists of the information fields from the requests and responses that should be logged. The pattern format is created using the following attributes:
-
A standard value to represent a particular string. For example, "%h" represents the remote hostname in the request. Note that all the string replacement values supported by Tomcat are NOT supported for the PassThrough transport's access logs. The list of supported values are given below.
- %{xxx}i is used to represent the header in the incoming request (xxx=header value).
- %{xxx}o is used to represents the header in the outgoing request (xxx=header value).
While you can use the above attributes to define a custom pattern, the standard patterns shown below can be used.
-
common ( Apache common log pattern ):
-
combined ( Apache combined log pattern ):
By default, a modified version of the Apache combined log format is enabled in the ESB as shown below. Note that the "X-Forwarded-For" header is appended to the beginning of the usually combined log format. This correctly identifies the original node that sent the request (in situations where requests go through a proxy such as a load balancer). The "X-Forwarded-For" header must be present in the incoming request for this to be logged.
access_log_enable This is used to enable or disable logging passthrough access logs generated without log4j. The default value is set to
true
. -
-
Add the following configuration in the
<API-M_HOME>/repository/conf/deployment.toml
file. You need to add this configuration in order to make sure that the access logs related to the PassThrough and NIO transports are rotated on a daily basis. If this configuration is not set, all the access log details related to the PassThrough and NIO transports will get logged in a single file. The date will be appended to the access log when it is rotated.[n_http] "nhttp.is.log.rotatable" = "true"
-
Then Restart the server.
-
Invoke an API in API Gateway. Then, navigate to
<API-M_HOME>/repository/logs/
directory, and you will see a newly created log file calledhttp_gw.log
, which contains API invocation related access logs.
Supported log pattern formats for the PassThrough transport¶
Attribute | Description |
---|---|
|
User Agent |
|
Local IP address |
|
Bytes sent, excluding HTTP headers, or '-' if zero |
|
Bytes sent, excluding HTTP headers |
|
Cookie value |
|
Accept header |
|
Accept Encoding |
|
Referer |
|
Transfer Encoding |
|
Remote hostname (or IP address if enableLookups for the connector is false) |
|
Remote logical username from identd (always returns '-') |
|
Accept Language |
|
Keep Alive |
|
Request method (GET, POST, etc.) |
|
Content Encoding |
|
Request Element |
|
HTTP status code of the response |
|
Accept Charset |
|
Date and time, in Common Log Format |
|
Content Type |
|
Remote user that was authenticated (if any), else '-' |
|
Requested URL path |
|
Local server name |
|
Vary Header |
|
Connection Header |
|
Server Header |