By default the IBM Security Access Manager (ISAM) reverse proxy (or ‘WebSEAL’) writes request data to the file ‘request.log’: when the file size reaches 2 MB a fresh file is created, and there is no limit to the number of request log files that are created. I was recently asked how to automatically limit the number of request log files that are created so that you neither run out of disk space nor need an ongoing administrative activity to keep deleting old request log files.
I eventually figured out how to do this after reading this several times, particularly chapter four: ISAM 9.0 Auditing Topics.
The generation of the request log file using the default settings is controlled by the ‘requests = yes|no’ entry in the [logging] stanza in the reverse proxy configuration file. The configuration file also documents an attribute called ‘max_rollover_files’, but it’s not obvious how to benefit from this attribute.
The answer, it turns out, is to create an entry like this in the [aznapi-configuration] stanza (on one line):
logcfg = http.clf:file path=myrequest.log,log_id=clf,flush_interval=20,rollover_size=2000000,max_rollover_files=5
This will cause request log entries to be written to the file ‘myrequest.log’, set the maximum file size to 2,000,000, and delete the oldest log file when there are more than five. An entry with these settings overrides an entry of ‘requests = yes’ in the [logging] stanza, and records are no longer written to request.log. (‘http.clf’ is the HTTP request information; ‘clf’ stands for common log format.)
Obviously you could have request log data written to the usual log file by specifying the following in the [aznapi-configuration] stanza:
logcfg = http.clf:file path=request.log,log_id=clf,flush_interval=20,rollover_size=2000000,max_rollover_files=5
so you’d use the standard filenames but pick up the max_rollover_files setting. The advantage of specifying a different filename – at least for testing – is that you can see that it is the new logcfg entry that is controlling the logging rather than the setting of ‘requests = yes’ in the [logging] stanza.
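To check a reverse proxy configuration file for the situation described above, here is an added example (not part of the original post and not IBM code). It parses the stanzas, reads the http.clf logcfg entry and reports request logging that has no limit on the number of files. The function names and the sample configuration are constructed for illustration, and it assumes comment lines start with ‘#’.

```python
import re

# Constructed sample configuration for illustration (not from a real appliance).
SAMPLE_CONF = """\
[logging]
requests = yes

[aznapi-configuration]
logcfg = http.clf:file path=myrequest.log,log_id=clf,flush_interval=20,rollover_size=2000000,max_rollover_files=5
"""

def parse_stanzas(text):
    """Return {stanza: [(key, value), ...]}; repeated keys such as logcfg are kept."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return stanzas

def parse_logcfg(value):
    """Split 'category:agent k=v,k=v' into (category, agent, params)."""
    head, _, rest = value.partition(" ")
    category, _, agent = head.partition(":")
    params = dict(p.strip().split("=", 1) for p in rest.split(",") if "=" in p)
    return category, agent, params

def audit_request_log(text):
    """Return findings for request logging with no limit on the number of files."""
    stanzas = parse_stanzas(text)
    entries = [parse_logcfg(v) for k, v in stanzas.get("aznapi-configuration", [])
               if k == "logcfg"]
    clf_files = [p for cat, agent, p in entries if cat == "http.clf" and agent == "file"]
    findings = []
    requests_on = dict(stanzas.get("logging", [])).get("requests", "").lower() == "yes"
    if requests_on and not clf_files:
        findings.append("requests = yes without an http.clf logcfg entry: "
                        "number of request.log files is not limited")
    for params in clf_files:
        if not params.get("max_rollover_files", "").isdigit():
            findings.append(f"{params.get('path', '<no path>')}: max_rollover_files is not set")
    return findings

if __name__ == "__main__":
    print(audit_request_log(SAMPLE_CONF) or "request log rollover is limited")
```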
I hope that this is of use to someone…