Server Logs

  • Creating and Deleting Log Files
  • Specifying a Time Interval
  • Filtering Log Records
  • Filtering by Prefix Key
  • Searching
  • Time Stamps and Time Zones
  • Overflow Markers
  • Preferences
  • Sending to Remote syslog Servers

    All components of the CommuniGate Pro Server store messages in one unified Log.
    Each record contains a time stamp, the log level, the tag identifying the component that created the record, and the record data itself.

    CommuniGate Pro Logs are plain text files, and they can be processed with any text-processing utility.

    When sending a support request to CommuniGate Systems technical support, always include a portion of the Log indicating the problem.

    Creating and Deleting Log Files

    Use the WebAdmin Interface to examine the Server Logs. Open the Logs page in the Monitor realm. The list of the stored Logs appears. The current Log is marked with the asterisk (*) sign.

    You should have the "Can Monitor" Server Access Right to view the Logs.

    The options at the top of the page allow you to specify when Log files are created and deleted:

    Log Manager Settings
    Start New File Every: or if Larger than:
    Delete Old Files In:  
    External Logger Records to send: Server address:
      

    Start New File
    A new file is created automatically every day (at midnight), or more often, according to this setting value.

    if Larger than
    A new Log file is also created if the current Log file size exceeds the specified limit.

    The Log files are created in the SystemLogs subdirectory of the Server base directory.

    Delete Old Files
    Shortly after a new Log file is created, the Server checks all files in the SystemLogs subdirectory, and removes all files that are older than the time period specified with this setting.

    External Logger
    Please see the Sending to Remote syslog Servers section.

    You should have the "CanTuneLoggerSettings" Monitor Access Right to modify the Logs Engine settings.

    You can select one or several Logs in the list and then remove them using the Delete Marked Logs button. The active (current) Log file cannot be deleted.

    You should have the "CanTuneLoggerSettings" Monitor Access Right to delete Logs.

    If there are too many Log files on the Server, you can enter a string in the Filter field and click the Display button: only the Logs with names matching the Filter string will be displayed:

    Filter:          11 selected
    Name          Size
    *2007-04-04   115M
    2007-04-03    204M
    2007-04-02    34M
    2007-04-01    34M
    2007-03-31    34M
    2007-03-30    25M
    2007-03-29    33M
    2007-03-28    35M
    2007-03-27    34M
    2007-03-26    33M
    2007-03-25    33M

    Click the Log file name to open it.


    Specifying a Time Interval

    When the Log appears in your browser window, all Log records are displayed. Since Logs can have thousands of records, you may want to view only a portion of the Log. Interrupt the Log downloading process and specify the Log Level and the Time Interval options:

    Selection
    Level:
    Filter:   Keyed   RegEx
    Interval: -

    Only the records with time stamps in the specified interval are displayed.

    If you are viewing the current Log and specify "*" in the second field, all records placed in the Log by this moment are displayed.

    If you are viewing the current Log and specify some future time in the second field, the Server will keep the browser channel open, sending new Log records as they are placed in the Log. The channel is closed either at the end of the specified Time Interval, or when the Server starts a new Log.


    Filtering Log Records

    The CommuniGate Pro Logs can be very big, reaching several hundred megabytes of data on a heavily loaded Server or on a Server with low-level logging enabled.
    It is difficult to examine an entire Log of that size.

    Level
    Use this setting to suppress displaying records that are more detailed than the specified value (have a higher level marker).

    Filter
    Use this option to specify the Filter string. Only the records containing this string will be displayed.
    The first part of log records (including a time stamp and a level marker) is not used for filtering operations.

    RegEx
    If this option is selected, the Filter string is interpreted as a regular expression.
    Click the Display button to display only the records that contain the specified substring.

    Example:
    Some of your users complain that sometimes their mailer application cannot retrieve messages from your server properly and that they see error messages informing them about some protocol errors.
    Since it does not occur often, you should run the IMAP module with its Log Level set to All-Info, though this will make your Logs very big. Finally, a user contacts you and says that the mailer has just displayed the same error.
    You open the Log and set the Level to 3 (Problems). Now you may see all the problems with the IMAP module that occurred today. When you find the record that indicates the problem your user is talking about, you see that that record has the IMAP-437425 tag. So, you type IMAP-437425 into the Filter field, and change the Log Level to 5 (All Info). As a result, you see a clean log of that particular IMAP session.

    00:06:23.261 4 IMAP-437425([64.173.55.175]) got connection on [64.173.55.169:143](mail.communigate.com) fr
    00:06:23.261 5 IMAP-437425([64.173.55.175]) out: * OK CommuniGate Pro IMAP Server 5.1.8 at mail.commun
    00:06:23.261 5 IMAP-437425([64.173.55.175]) inp: 1 CAPABILITY
    00:06:23.261 5 IMAP-437425([64.173.55.175]) out: * CAPABILITY IMAP4 IMAP4REV1 ACL NAMESPACE UIDPLUS ID
    00:06:23.266 5 IMAP-437425([64.173.55.175]) inp: 2 AUTHENTICATE METHOD AAAAAAAAAAAAAAAAAAAAAA=
    00:06:23.268 2 IMAP-437425([64.173.55.175]) 'user@domain.com' connected from [64.173.55.175:31358]
    00:06:23.268 5 IMAP-437425([64.173.55.175]) out: 2 OK completed\r\n
    00:06:23.269 5 IMAP-437425([64.173.55.175]) inp: 3 LIST "" "*"
    00:06:23.269 5 IMAP-437425([64.173.55.175]) out: * LIST (\UnMarked) "/" Calendar\r\n* LIST (\Marked) "
    00:06:23.279 5 IMAP-437425([64.173.55.175]) inp: 4 SELECT "Tasks"
    00:06:23.270 5 IMAP-437425([64.173.55.175]) out: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft $MD
    00:06:23.272 5 IMAP-437425([64.173.55.175]) inp: 5 UID SEARCH NOT DELETED
    00:06:23.272 5 IMAP-437425([64.173.55.175]) out: * SEARCH 32 49 76 84 94 96 98 100 101 102 113 116 117
    00:06:23.275 5 IMAP-437425([64.173.55.175]) inp: 6 UID FETCH 193 (BODYSTRUCTURE FLAGS)
    00:06:23.275 5 IMAP-437425([64.173.55.175]) out: * 35 FETCH (BODYSTRUCTURE (("text" "calendar" ("chars
    00:06:23.278 5 IMAP-437425([64.173.55.175]) inp: 7 UID FETCH 193 (BODY.PEEK[HEADER])
    00:06:23.278 5 IMAP-437425([64.173.55.175]) out: * 35 FETCH (BODY[HEADER] {722}\r\ncontent-class: urn:
    00:06:23.280 5 IMAP-437425([64.173.55.175]) inp: 8 UID FETCH 193 (BODY.PEEK[1])
    00:06:23.280 5 IMAP-437425([64.173.55.175]) out: * 35 FETCH (BODY[1] {539}\r\nBEGIN:VCALENDAR\r\nMETHO
    00:06:23.281 5 IMAP-437425([64.173.55.175]) inp: 9 UID FETCH 191 (BODYSTRUCTURE FLAGS)
    00:06:23.281 5 IMAP-437425([64.173.55.175]) out: * 34 FETCH (BODYSTRUCTURE (("text" "calendar" ("chars


    Filtering by Prefix Key

    The Keyed option instructs the Server to scan the Log twice. First, it scans the Log (within the specified Time Interval) and finds all records matching the filter string. These strings are not displayed, but their Prefix Keys are remembered. The Prefix Key is the first part of the record (not including the time stamp and the level marker) till the first space symbol. Up to 100 different Prefix Keys are remembered.

    Then the Log is scanned again (within the specified Time Interval), and the Server displays all records that have Prefix Keys matching one of the remembered Prefix Keys.

    Some protocols (such as SIP) do not use connections. A SIP session ("dialog") consists of several packets (each packet is recorded with its own SIPDATA-NNNNNN Prefix Key), but all packets contain the same Call-ID line. Use the

        : Call-ID:caller-id

    filter string with the Keyed option to display all SIP session packets:

    00:54:10.312 2 SIPDATA-000502 out: req udp [10.0.0.1]:5060 REGISTER(680 bytes) sip:node6.communigate.com
    00:54:10.312 5 SIPDATA-000502 out: REGISTER sip:node6.communigate.com SIP/2.0
    00:54:10.312 5 SIPDATA-000502 out: Via: SIP/2.0/UDP 64.173.55.170:5060;branch=z9hG4bK234
    00:54:10.312 5 SIPDATA-000502 out: Max-Forwards: 69
    00:54:10.312 5 SIPDATA-000502 out: From: <sip:usrname@node6.communigate.com>
    00:54:10.312 5 SIPDATA-000502 out: Call-ID: 72D532E1CEB813B537E4E44058354C68-2494453@node9.communigate.com
    00:54:10.312 5 SIPDATA-000502 out: Contact: <sip:299@node9.communigate.com;services=no>;expires=90
    00:54:10.312 5 SIPDATA-000502 out: CSeq: 114249520 REGISTER
    00:54:10.312 5 SIPDATA-000502 out: User-Agent: CommuniGatePro-gateway/5.1.4
    00:54:10.312 5 SIPDATA-000502 out: Authorization: Digest realm="ns.communigate.com",username="usrname",non
    00:54:10.312 5 SIPDATA-000502 out: Expires: 90
    00:54:10.312 5 SIPDATA-000502 out: Content-Length: 0
    00:54:10.312 5 SIPDATA-000502 out: 
    00:54:10.328 2 SIPDATA-000503 inp: rsp udp [64.173.55.167]:5060 200-REGISTER(566 bytes)
    00:54:10.328 5 SIPDATA-000503 inp: SIP/2.0 200 OK
    00:54:10.328 5 SIPDATA-000503 inp: Via: SIP/2.0/UDP 64.173.55.170:5060;branch=z9hG4bK234
    00:54:10.328 5 SIPDATA-000503 inp: From: <sip:usrname@node6.communigate.com>;tag=9B5A8DB531C3FD7A
    00:54:10.328 5 SIPDATA-000503 inp: To: <sip:usrname@node6.communigate.com>;tag=7FBB267A3903E5B0
    00:54:10.328 5 SIPDATA-000503 inp: Call-ID: 72D532E1CEB813B537E4E44058354C68-2494453@node9.communigate.com
    00:54:10.328 5 SIPDATA-000503 inp: CSeq: 114249520 REGISTER
    00:54:10.328 5 SIPDATA-000503 inp: Expires: 90
    00:54:10.328 5 SIPDATA-000503 inp: Contact: <sip:299@node9.communigate.com;services=no>;expires=90
    00:54:10.328 5 SIPDATA-000503 inp: Event: registration
    00:54:10.328 5 SIPDATA-000503 inp: Date: Thu, 16 Mar 2006 08:53:04 GMT
    00:54:10.328 5 SIPDATA-000503 inp: Allow: PUBLISH,SUBSCRIBE
    00:54:10.328 5 SIPDATA-000503 inp: Allow-Events: presence,message-summary,reg,keep-alive
    00:54:10.328 5 SIPDATA-000503 inp: Supported: path
    00:54:10.328 5 SIPDATA-000503 inp: Server: CommuniGatePro/5.1.4
    00:54:10.328 5 SIPDATA-000503 inp: Content-Length: 0
    00:54:10.328 5 SIPDATA-000503 inp: 
    00:54:10.328 2 SIPDATA-000503 sent to SIPC-000234
    00:55:25.328 2 SIPDATA-000507 out: req udp [10.0.0.1]:5060 REGISTER(680 bytes) sip:node6.communigate.com
    00:55:25.328 5 SIPDATA-000507 out: REGISTER sip:node6.communigate.com SIP/2.0
    00:55:25.328 5 SIPDATA-000507 out: Via: SIP/2.0/UDP 64.173.55.170:5060;branch=z9hG4bK236
    00:55:25.328 5 SIPDATA-000507 out: Max-Forwards: 69
    00:55:25.328 5 SIPDATA-000507 out: From: <sip:usrname@node6.communigate.com>;tag=35270A39FB68F573
    00:55:25.328 5 SIPDATA-000507 out: To: <sip:usrname@node6.communigate.com>
    00:55:25.328 5 SIPDATA-000507 out: Call-ID: 72D532E1CEB813B537E4E44058354C68-2494453@node9.communigate.com
    00:55:25.328 5 SIPDATA-000507 out: Contact: <sip:299@node9.communigate.com;services=no>;expires=90
    00:55:25.328 5 SIPDATA-000507 out: CSeq: 114249521 REGISTER
    00:55:25.328 5 SIPDATA-000507 out: User-Agent: CommuniGatePro-gateway/5.1.4
    00:55:25.328 5 SIPDATA-000507 out: Authorization: Digest realm="ns.communigate.com",username="usrname",non
    00:55:25.328 5 SIPDATA-000507 out: Expires: 90
    00:55:25.328 5 SIPDATA-000507 out: Content-Length: 0
    00:55:25.328 5 SIPDATA-000507 out: 
    00:55:25.343 2 SIPDATA-000508 inp: rsp udp [64.173.55.167]:5060 200-REGISTER(566 bytes)
    00:55:25.343 5 SIPDATA-000508 inp: SIP/2.0 200 OK
    00:55:25.343 5 SIPDATA-000508 inp: Via: SIP/2.0/UDP 64.173.55.170:5060;branch=z9hG4bK236
    00:55:25.343 5 SIPDATA-000508 inp: From: <sip:usrname@node6.communigate.com>;tag=35270A39FB68F573
    00:55:25.343 5 SIPDATA-000508 inp: To: <sip:usrname@node6.communigate.com>;tag=7EF99B799DFD7632
    00:55:25.343 5 SIPDATA-000508 inp: Call-ID: 72D532E1CEB813B537E4E44058354C68-2494453@node9.communigate.com
    00:55:25.343 5 SIPDATA-000508 inp: CSeq: 114249521 REGISTER
    00:55:25.343 5 SIPDATA-000508 inp: Expires: 90
    00:55:25.343 5 SIPDATA-000508 inp: Contact: <sip:299@node9.communigate.com;services=no>;expires=90
    00:55:25.343 5 SIPDATA-000508 inp: Event: registration
    00:55:25.343 5 SIPDATA-000508 inp: Date: Thu, 16 Mar 2006 08:54:19 GMT
    00:55:25.343 5 SIPDATA-000508 inp: Allow: PUBLISH,SUBSCRIBE
    00:55:25.343 5 SIPDATA-000508 inp: Allow-Events: presence,message-summary,reg,keep-alive
    00:55:25.343 5 SIPDATA-000508 inp: Supported: path
    00:55:25.343 5 SIPDATA-000508 inp: Server: CommuniGatePro/5.1.4
    00:55:25.343 5 SIPDATA-000508 inp: Content-Length: 0
    00:55:25.343 5 SIPDATA-000508 inp: 
    00:55:25.343 2 SIPDATA-000508 sent to SIPC-000236
       


    Searching

    Use your browser Find command to search for a string in the filtered portion of the CommuniGate Pro Log.

    Use the Print command of your Web browser to print the filtered Log.


    Time Stamps and Time Zones

    Each Log record has a time stamp indicating when the record was created. The time is displayed using the local time ("GMT shift") of the CommuniGate Pro Server used when the Log file was created.

    If the Server OS uses a time zone with daylight saving time, the time stamps used in the Log do not change when the local time ("GMT shift") changes. The new local time is used when the new Log file is created.


    Overflow Markers

    The CommuniGate Pro Log Manager is designed as a high-speed engine capable of processing thousands of records per second without delaying the execution of the Server component that generated the Log records. When some component generates a huge number of records (most likely due to the Log Level set for that component), even the Log Manager may be unable to store all those records in the Log file.

    If a new record cannot be placed into the Log due to a Log Manager performance problem, the Log Manager stores a short Overflow Marker instead. The Overflow Marker is a line with three asterisk signs (***).

    If you filter the Log, the displayed part of the Log will always contain the Overflow Markers if they exist in the selected part of the Log. If several sequential Overflow Markers have to be displayed, only the first one is displayed.
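
    The Keyed filter (Filtering by Prefix Key) and the Overflow Marker display rule can be reproduced offline on a copy of a Log file. The Python below is an added example, not CommuniGate Pro code; it assumes the Log Level is applied only when records are displayed (not while Prefix Keys are collected), that an Overflow Marker line contains nothing but ***, and it does not model the Time Interval. The sample records are constructed.

```python
import re

# Record layout per the page: time stamp, level marker, then the record text.
# The Prefix Key is the record text up to its first space.
RECORD = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) (\d) ((\S+).*)$")
MAX_KEYS = 100  # the Server remembers up to 100 Prefix Keys

def parse(line):
    """Return (time, level, text, key), "***" for an Overflow Marker, else None."""
    line = line.rstrip("\r\n")
    if line.strip() == "***":
        return "***"
    m = RECORD.match(line)
    return (m[1], int(m[2]), m[3], m[4]) if m else None

def keyed_filter(lines, needle, level=5):
    """Two-pass Keyed filter; returns (remembered keys, displayed lines)."""
    recs = [r for r in map(parse, lines) if r]
    # Pass 1: remember the Prefix Keys of records whose text (time stamp and
    # level marker excluded) contains the filter string. Level is ignored here.
    keys = []
    for r in recs:
        if r != "***" and needle in r[2] and r[3] not in keys and len(keys) < MAX_KEYS:
            keys.append(r[3])
    # Pass 2: display every record carrying a remembered key; Overflow Markers
    # are always kept, and sequential ones collapse to the first.
    shown = []
    for r in recs:
        if r == "***":
            if not shown or shown[-1] != "***":
                shown.append("***")
        elif r[3] in keys and r[1] <= level:
            shown.append(f"{r[0]} {r[1]} {r[2]}")
    return keys, shown

# Constructed sample in the page's record format (not a real capture).
SAMPLE = """\
00:54:10.312 2 SIPDATA-000502 out: req udp [10.0.0.1]:5060 REGISTER(680 bytes)
00:54:10.312 5 SIPDATA-000502 out: Call-ID: abc123@node9.example.com
00:54:10.320 5 IMAP-000017([10.0.0.9]) inp: 3 LIST "" "*"
***
***
00:54:10.328 2 SIPDATA-000503 inp: rsp udp [10.0.0.2]:5060 200-REGISTER(566 bytes)
00:54:10.328 5 SIPDATA-000503 inp: Call-ID: abc123@node9.example.com
00:54:11.000 5 SIPDATA-000504 inp: Call-ID: other@node9.example.com
""".splitlines()

if __name__ == "__main__":
    print(*keyed_filter(SAMPLE, ": Call-ID: abc123@")[1], sep="\n")
```

    An *** line in the filtered output means records were dropped at that point, so the reconstructed session may be incomplete there.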


    Preferences

    Administrators can specify their individual Log Viewer Preferences.

    Use the Preferences link to open the Monitor Preferences.

    Log Manager
    Log Viewer Height: Open showing last:

    Open showing last
    When you open the currently active Log file, this setting specifies the initial starting time of the Time Interval (see the Specifying a Time Interval section), so you see only the recent Log records.
    When you open an inactive Log file, the Time Interval is not initialized, and the Log is displayed from the beginning.


    Sending to Remote syslog Servers

    You may want to send CommuniGate Pro Log records to an external syslog server.
    These servers usually cannot match the performance of the CommuniGate Pro Log Manager, so you should send only a small part of the Log records to them.

    Use the following settings to configure remote logging:

    Records to send
    Specify the level of Log Records to be sent to a remote syslog server. Records that are more detailed than the specified value (have a higher level marker) are not sent.

    Server address
    Specify the IP address of the remote syslog server. If you do not specify the port number, the standard port number 514 is used.

    If the Log Manager fails to open a UDP socket or fails to send a datagram to the selected remote syslog server, the Log Manager switches the Records to Send option to Nothing and it stops sending Log records to the remote syslog server.


    CommuniGate® Pro Guide. Copyright © 1998-2006, Stalker Software, Inc.