Monitor the WebSphere Application Server environment by using the Log Analyzer

The Log Analyzer merges all the data from one or more IBM Service logs and displays the entries. For more information on the IBM Service logs, see IBM Service log file. Based on its symptom database, it analyzes and interprets the error conditions in the log entries to help you debug problems. The Log Analyzer can download the latest symptom database from the IBM Web site. For more information on obtaining and using the Log Analyzer to monitor your WebSphere Application Server environment, see these topics:

Obtaining the Log Analyzer

The Log Analyzer is installed on your workstation as part of the WebSphere Application Server workstation components. For details on how to install the workstation components, see the Install the workstation tools for WebSphere Application Server topic in Installation.

Use the Log Analyzer

You can start the Log Analyzer on your client workstation by using any of these methods:

Once the Log Analyzer window is displayed, perform these steps to open an activity log file:

  1. Do either of these steps:

    • Use ftp to send the activity.log file in binary format to your Log Analyzer workstation.
    • On Windows NT or Windows 2000, map a drive to the iSeries server. Alternatively, on Unix platforms, mount a drive to the iSeries server.

  2. Select File -> Open.
  3. Navigate to the directory containing the activity.log file.
  4. Select the activity.log file.
  5. Select Open.
  6. Expand the tree in the left-hand pane of the Log Analyzer to view messages.

Uncolored records are "normal", yellow records are warnings, and pink records are errors. If you select a record, the right-hand pane shows its contents, including the basic error or warning message, the date, the time, which WebSphere component logged the record, and which process (for example: application server, node agent) it came from.

The Log Analyzer does not analyze any other log files, such as the SystemOut.log or native_stdout.log file. To analyze the records, right-click a record in the tree on the left (click the UnitOfWorkView at the top to get them all), and select Analyze. Any records with a green check mark next to them match a record in the symptom database. When you select a check-marked record, you see an explanation of the problem in the lower right-hand pane.

Use the Log Analyzer Help to get more detailed information on using Log Analyzer.

Update the symptom database

The database of known problems and resolutions used when you click Analyze on the menu is periodically enhanced as new problems come to light and new versions of the product are introduced. To ensure that you have the latest version of the database, use the File -> Update Database -> WebSphere Application Server Symptom Database menu item from within the Log Analyzer tool at least once a month. Users who have just installed the product and have never run the update should do so immediately, since updates may have occurred since the version was first released.

The knowledge base used for analysis is built gradually from problems reported by users. For a recently released version of the product, you might not find any analysis hits. However, the Log Analyzer tool still provides a way to see all error messages and warnings from all components in a convenient, user-friendly way.

View the IBM Service log without the Log Analyzer

If using the Log Analyzer to view the IBM Service log file is impractical or inconvenient, you can use an alternative tool named showlog. To use the showlog tool, perform these steps:

  1. On the iSeries command line, run the Start Qshell Interpreter (STRQSH) command.
  2. Change directory to the bin directory for the product:
    cd was_install_root/bin
    where was_install_root is /QIBM/ProdData/WebAS5/Base or /QIBM/ProdData/WebAS5/ND for WebSphere Application Server and WebSphere Application Server Network Deployment respectively.
  3. Run the showlog script. The syntax is:
    showlog [-instance instance_name] activity_log_file [output_file]

    where the parameters are:

    -instance
        Optional. The value instance_name specifies the name of the WebSphere Application Server instance. The default value for instance_name is default.

    activity_log_file
        Required. The qualified integrated file system path name of the activity log file you wish to view. For example, /QIBM/UserData/WebAS5/Base/default/logs/activity.log

    output_file
        Optional. The qualified integrated file system path name of the file to contain the formatted, readable contents of the activity log file. If this parameter is not specified, the output is written to standard out (the screen).

    Examples:

    showlog /QIBM/UserData/WebAS5/Base/default/logs/activity.log
    showlog -instance myinst /QIBM/UserData/WebAS5/ND/myinst/logs/activity.log /home/myuserid/myinst_activity.txt

The output of the showlog script file consists of message event entries separated by horizontal lines.

Here is a description of the fields that make up the entries:

ComponentId      Currently not used.
ProcessId        Job information for the job from which the message event was issued.
ThreadId         Java(TM) thread ID of the thread from which the message event was issued.
FunctionName     Currently not used.
ProbeId          Currently not used.
SourceId         The class name of the object from which the message event was issued.
Manufacturer     IBM
Product          Product whose code issued the message event. Currently this is WebSphere Application Server.
Version          Product version or build level.
SOMProcessType   Currently not used.
ServerName
ClientHostName   Currently not used.
ClientUserId     Currently not used.
TimeStamp        Timestamp indicating when the message event was issued. The default time zone is Greenwich Mean Time (GMT). See Set the time zone for information on how to change the default time zone for WebSphere Application Server.
UnitOfWork       Currently not used.
Severity         Indicates the severity of the message. Audit message events are severity 3, warning message events are severity 2, and fatal/terminate/error message events are severity 1.
Category         The type of message event. Valid values are AUDIT, WARNING, ERROR, FATAL, and TERMINATE.
FormatWarning    Currently not used.
PrimaryMessage   Currently not used.
ExtendedMessage  Message Identifier: Message text
RawDataLen       The length of any raw data that follows the message. Typically this value is zero.
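
The following Python script is an added example, not part of the IBM documentation or the product. It parses a showlog output file into entries, pulls out the severity 1 and 2 events, and flags entries whose Category does not match the Severity values described above. It assumes each field is written as "FieldName: value" on its own line and that the horizontal lines are runs of dashes; the sample text and its message identifiers are constructed.

```python
import re
from collections import Counter

# Field names listed above; any other "word:" prefix is treated as message text.
FIELDS = set("""ComponentId ProcessId ThreadId FunctionName ProbeId SourceId Manufacturer
Product Version SOMProcessType ServerName ClientHostName ClientUserId TimeStamp
UnitOfWork Severity Category FormatWarning PrimaryMessage ExtendedMessage RawDataLen""".split())
# Severity that each Category should carry, per the Severity description above.
EXPECTED = {"AUDIT": 3, "WARNING": 2, "ERROR": 1, "FATAL": 1, "TERMINATE": 1}
RULE = re.compile(r"^[ \t]*[-=_]{5,}[ \t]*$", re.M)  # assumed horizontal-line form
FIELD = re.compile(r"^\s*(\w+):\s*(.*)$")            # assumed "FieldName: value"

def parse_showlog(text):
    """Split showlog output into one {field: value} dict per message event."""
    entries = []
    for block in RULE.split(text):
        cur, last = {}, None
        for line in block.splitlines():
            m = FIELD.match(line)
            if m and m.group(1) in FIELDS:
                last = m.group(1)
                cur[last] = m.group(2).strip()
            elif last and line.strip():      # wrapped value, e.g. long message text
                cur[last] += " " + line.strip()
        if cur:
            entries.append(cur)
    return entries

def triage(entries):
    """Return (severity 1-2 entries, Category/Severity mismatches, message-ID counts)."""
    problems, mismatches, counts = [], [], Counter()
    for e in entries:
        sev = int(e["Severity"]) if e.get("Severity", "").isdigit() else None
        if EXPECTED.get(e.get("Category", "").upper()) != sev:
            mismatches.append(e)             # would slip past a severity-only filter
        if sev in (1, 2):
            problems.append(e)
            counts[e.get("ExtendedMessage", "").split(":", 1)[0].strip()] += 1
    return problems, mismatches, counts

# Constructed sample (subset of fields), not real showlog output; IDs are made up.
SAMPLE = ("-" * 60 + "\n").join(["",
    "Severity: 3\nCategory: AUDIT\nExtendedMessage: XMPL0001I: Sample server started\n",
    "Severity: 2\nCategory: WARNING\nExtendedMessage: XMPL0002W: Sample pool\n  nearly full\n",
    "Severity: 1\nCategory: ERROR\nExtendedMessage: XMPL0003E: Sample login failed\n",
    "Severity: 3\nCategory: ERROR\nExtendedMessage: XMPL0003E: Sample login failed\n", ""])

if __name__ == "__main__":
    print(*triage(parse_showlog(SAMPLE)), sep="\n")
```

To use it on real data, pass the contents of the output_file written by showlog to parse_showlog in place of SAMPLE.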