Configure Logging for a CSM Server or Web Application

Use the Server Manager to configure event logging for CSM Servers or Web Applications.

Event logging records significant events and errors, and is used for troubleshooting. When configuring event logging, designate:

• Where to log events.
• Which classification of server events to log (debug, stats, information, warning, error, or fatal).

Logging can be configured to go to an event log, set up file locations, or to a Splunk server. Splunk is a third-party tool that identifies data patterns, provides metrics, diagnoses problems, and provides intelligence for business operations. CSM integrates with Splunk so that CSM event log data can be indexed and made easily searchable. Download and install Splunk onto a server and configure it for logging events. Log Debug messages (Debug and above) to a file or to Splunk, and not to an event log. CSM logs numerous Debug messages, so a log would be slow and might require more resources. For more information on integrating Splunk and CSM, see Splunk Integration (Splunk Integration, http://docs.splunk.com/Documentation).

To configure logging for a CSM Server or Web Application:

1. Click Start>All Programs>Cherwell Service Management>Tools>Server Manager.
2. Select a server from the drop-down list.
3. Click the Logging button.

   The Logging Options window for the selected Server opens.

4. Select where to log CSM events (select one or more options):
   1. Log to event log: Select this check box to log CSM events so that they can be viewed by the Windows Event Viewer. Then, select which events to log:
      • Debug and above: Very verbose messages. Leaving this on continuously can get space and resource intensive.
      • Stats and above: Detailed messages that track performance.
      • Info and above: Informational messages that can be used to diagnose a problem with your Server.
      • Warning and above: Warning messages that occurred while the Server was running.
      • Error and above: Errors that were encountered while the Server was running.
      • Fatal only: Errors that were encountered while the Server was running that caused the Server to stop.
        Note: We recommend logging Debug messages (Debug and above) to a file or to Splunk, and NOT to an event log. CSM logs numerous Debug messages, so a log would be slow and might require more resources.
   2. Log to file: Select this check box to write the logs to a specific file and location. Then, set your file limits.
      • Log Level: Select an event classification as described above (example: Debug and above, Info and above, etc.)
      • File Name: Click the Ellipses button to select a location for the log file.
      • File Size Limit: By default, the file size is set to 10 MB, but can be changed by entering a new value in the field.
      • File Count Limit: Rolling event logs are used, so that when the maximum file size is reached for a log file, a new file is created. By default, the number of files is set to 20 (but can be changed), after which the oldest log file is overwritten by continued logging.
        Note: If you log to a file for the CSM Web Applications, the log file must be stored in a location accessible to the account that IIS uses to run the CSM sites. This is typically the ApplicationPoolIdentity, also referred to as the IUSR account. To prevent security issues, do not configure the IIS Application Pool to use the LocalSystem account.
   3. Log to Splunk: Select this check box to write the logs to a Splunk server, and then configure Spunk logging.
5. Click OK to close the Logging options window.