Table of content:
- Introduction
- File registration and upload
- Accessing your results
- The result viewer
- Overlaying multiple graphs
- Aggregating hourly graphs
- Going further
Introduction
I started writing aila (the Altiris IIS log analyzer) back in the Winter of 2009. The aims was to provide a tool specially tailored to extract information relevant to Altiris Notification Server. But this was also a personal project to do some C coding and get hands on experience with danlging pointer, dereferencing struct, data structures and other nice element of C programming.
I compiled aila for Linux and Windows (32 and 64-bit alike) until I reached some hurdles that were too much so I dropped the Windows builds. This is something I assume however it had the disadvantage of making it difficult for customers to run the tools. And after some times I finally got back to it - trying to finally liberate the tool from its Linux tie to make it available to people that need it.
Hence I am very pleased to introduce the aila self-service portal, the 2 step process to get results out of it and how to get valuable information from the analysis.
File registration and upload
I will not explain how to upload a file here, however I'll detail some of the limits and expectations
- Only zip files are handled from the upload form. The max file size is set at 128MiB, so this should not be an issue.
- The files are extracted into a directory and we search for log files on that directory alone.
- Theres no limit in the number of files you can put in a zip container, and I am not intending to put any unless forced too.
Accessing your results
The processing is done asynchronously by design, but runs at regular interval (between 1 and 5 minutes depending on the server used) so you shouldn't have to wait too long to access them.
The email address (which is not strictly enforced, so you could use any pass-phrase if you wanted on the email field) is used to uniquely identify the user and group the results into a single folder. You can access the results from the home page or via the email md5 look-up form.
The result viewer
Once you have entered your email or passphrase you will be directed to the result folder, where the viewer page will offer you a dropdown menu with the list of file results available for view:
Select a file result and the graphs from the results files will be drawn on screen. You can still access the raw data (aila output and list of ip/guids collected during processing) on the link at the bottom of the viewer.
Overlaying multiple graphs:
Since release 0.6 it is now possible to overlay as many results set as you want (or can) into a single graph. To use this feature first open a result set, and then simply tick the "Overlay" checkbox on the result viewer and select the results you want to overlay. Once the selection is made the graphs will be refreshed and will show results from the two selected files together. To return to a single result view untick the overlay checkbox _and_ the aggregate checkbox, and select the result file you want to see. Here is a series of screenshot that illustrate the above description:
Selecting the first result set:
Selecting the second result set, with "overlay" checked:
After selecting many results:
Aggregating hourly graphs:
Similar to the overlay feature, the aggregate view puts multiple graphs together. But the aggregation only works for the "hourly hit" graph, with no limits to the number of files aggregated. So you could easily upload a week or a month worth of IIS logs and see how the load behave over the period.
As per the overlay option, you need to untick the checkbox "aggregate" and "overlay" to resume standard viewing of your result sets.
Selecting the first result file, and checking "Aggregate":
Selecting a second file:
Selecting a third file...
Going further:
This portal is only a tool to help you unlock interesting information from your server IIS log files. So if you find something really strange or need some help understanding the results please contact me on Symantec Connect, as I am always interested to find new ways to troubleshoot issues in the Symantec Management Platform (and to share it with people who may need the information at some point).
Current release: aila-web version 0.5 {CWoC rev. 711}