What Can We Find in a Typical Log File

Before proceeding with writing the analyzer code or changing any configuration for it, take a look and identify the types of messages you have in the log files and how you can unambiguously identify them. Look for common attributes that make them distinguishable. Typically you will see standard messages generated by either the application itself or the application container.

These messages are meant to inform you about the state of the application. Because these messages are generated by the application they most likely indicate expected behavior and each state they inform you about is part of the normal application flow. As I'm going to investigate exceptions I'm not really interested in that type of message. Listing 7-3 is a snippet from Tomcat's log file that shows what "normal" log messages look like.

Listing 7-3. Standard logging messages in catalina.out

Jan 17, 2010 8:18:24 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: The Apache Tomcat Native library which allows optimal performance in production^

environments was not found on the java.l ibrary.path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/i386/client:/usr/lib/jvm/-' java-1.6.0-openjdk-1.6.0.0/jre/lib/i386: /usr/lib/jvm/java-1.6.0-openjdk-

1.6.0.0/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/-'

usr/libJan 17, 2010 8:18:24 AM org.apache.coyote.http11.Http11BaseProtocol-'

initINFO:Initializing Coyote HTTP/1.1 on http-8081Jan 17, 2010 8:18:24 AM-<

org.apache.catalina.startup.Catalina load

INFO: Initialization processed in 673 ms

Jan 17, 2010 8:18:24 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina

Jan 17, 2010 8:18:24 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.23 Jan 17, 2010 8:18:24 AM org.apache.catalina.core.StandardHost start INFO: XML validation disabled

Jan 17, 2010 8:18:25 AM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized()

Jan 17, 2010 8:18:25 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized()

Jan 17, 2010 8:18:25 AM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized()

Jan 17, 2010 8:18:25 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized()

Jan 17, 2010 8:18:25 AM org.apache.catalina.core.ApplicationContext log INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: ^

[org.apache.webapp.balancer.RuleChain: [org.apache.webapp. balancer.rules.URLStringMatchRule: Target string: News / Redirect URL:^

http://www.cnn.com], [org.apache.webapp.balancer.rules. RequestParameterRule: Target param name: paramName / Target param value:^

paramValue / Redirect URL: http://www.yahoo.com], [or g.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL: ^ http://jakarta.apache.org]]

You can see that all log entries start with a date stamp. This is one of the attributes I will use to detect the log entry. Also notice that log entries may span multiple lines. So each long entry starts with a line that begins with has a time stamp and finishes when another line with a time stamp is detected. Write this down, as this is going to become one of the design decisions for your application.

Was this article helpful?

0 0

Post a comment