QSLOG(1) | qslog man page | QSLOG(1) |
qslog - collects request statistics from access log data.
qslog -f <format_string> -o <out_file> [-p[c|u[c]] [-v]] [-x [<num>]] [-u <name>] [-m] [-c <path>]
qslog is a real time access log analyzer. It collects the data
from stdin. The output is written to the specified file every minute and
includes the following entries:
- requests per second (r/s)
- number of requests within measured time (req)
- bytes sent to the client per second (b/s)
- bytes received from the client per second (ib/s)
- response status codes within the last minute (1xx,2xx,3xx,4xx,5xx)
- average response duration (av)
- average response duration in milliseconds (avms)
- distribution of response durations in seconds within the last minute
(<1s,1s,2s,3s,4s,5s,>5s)
- distribution of response durations faster than a second within the last
minute (0-49ms,50-99ms,100-499ms,500-999ms)
- number of established (new) connections within the measured time (esco)
- average system load (sl)
- free memory (m) (not available for all platforms)
- number of client ip addresses seen withn the last 600 seconds (ip)
- number of different users seen withn the last 600 seconds (usr)
- number of events identified by the 'E' format character
- number of mod_qos events within the last minute (qV=create session, qv=VIP
IP,qS=session pass, qD=access denied, qK=connection closed, qT=dynamic
keep-alive, qL=request/response slow down, qs=serialized request,
qA=connection abort, qU=new user tracking cookie)
The following environment variables are known to qslog:
Rule syntax:
<name>:<event1>-<n>*<event2>/<duration>=<limit>
'name' defines the name you have given to the rule entry and is logged
along with with the number of times the 'limit' has been reached within
the 'duration'.
'event1' defines the variable name (if found in 'E') to increment the
counter.
'event2' defines the variable name (if found in 'E') to decrement the
counter (and the parameter 'n' defines by how much).
'duration' defines the measure interval (in seconds) used for the
QS_ClientEventLimitCount directive.
'limit' defines the threshold (number) defined for the
QS_ClientEventLimitCount directive.
Note: If the 'name' parameter is prefixed by 'STATUS', the rule is applied against the HTTP status code 'S' and the 'event1' string shall contain a list of relevant status codes separated by an underscore (while 'event2' is ignored).
Configuration using pipped logging:
CustomLog "|/usr/bin/qslog -f ISBDQ -x -o /var/log/apache/stat.csv"
"%h %>s %b %D %{mod_qos_ev}e"
Post processing:
LogFormat "%t %h \"%r\" %>s %b \"%{User-Agent}i\"
%T"
cat access.log | qslog -f ..IRSB.T -o stat.csv -p
qsdt(1), qsexec(1), qsfilter2(1), qsgeo(1), qsgrep(1), qshead(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)
Pascal Buchbinder, http://mod-qos.sourceforge.net/
December 2018 | mod_qos utilities 11.61 |