The Extended Log Files screen provides options for logs relating to the ESP and WAF features.

The ESP and WAF audit logs are rotated every 30 days (older logs are removed). WAF remote logs are rotated every seven days.

Note: If debug logging is enabled, it is possible that sensitive information may appear in the logs. If you are concerned by this, clear all the logs immediately after disabling debug logging.

To get to the Extended Log Files screen – in the LoadMaster WUI, go to System Configuration > Logging Options > Extended Log Files.

Note: The WAF logs are not generated in real time – they can be up to two minutes behind what the WAF engine is actually processing.

Disk Usage - This section provides an indication of the percentage used/free of the log partition. Color-coding is used to highlight different usage levels:

  • 0% to 50%: green
  • 50% to 90%: orange
  • 90% to 100%: red

There are multiple log files relating to ESP stored on the LoadMaster. These are listed below the Disk Usage section. These logs are persistent across LoadMaster reboots.

You can select one of the View or Save Action buttons with the default filter options to apply the action to the various log files (Connection Logs, Security Logs, and so on). For the Clear button, you must first select which logs to clear using the Selection controls.

To access the Selection Controls, click one of the right caret icons at the right of the buttons. For example, clicking on the icon to the right of the Clear and Save buttons, displays these controls.

You can filter the logs to clear or save by date, using the from and to controls, and also select a subset of log files from the multiple pick list on the right.

  • ESP Connection Logs: logs recording each connection.
  • ESP Security Logs: logs recording all security alerts.
  • ESP User Logs: logs recording all user logins.
Note: In LoadMaster firmware version 7.2.51 and 7.2.53, ESP user logs were expanded to be more useful and applicable to enterprise customers with extensive logging infrastructure. For further details, refer to the ESP Logs Technical Note.
  • WAF Audit Logs: recording WAF logs based on what has been selected for the Audit mode drop-down list in the WAF Options section of the Virtual Service modify screen. The number listed in each log entry corresponds to the ID of the Virtual Service. To get the Virtual Service ID, first ensure that the API interface is enabled (Certificates & Security > Remote Access > Enable API Interface). Then, in a web browser address bar, enter https://<LoadMasterIPAddress>/access/listvs. Check the index of the Virtual Service. This is the number that corresponds to the number on the audit log entry.

To view the logs, please select the relevant options and click the relevant View button.

Some of the logs can be filtered by a number of methods. To filter log messages by date, select the relevant dates in the from and to fields and click the View button.

When selecting dates for ESP logs, include the next date in the list to include all records for the desired dates (because the next day file may contain logs for the previous date).

One or more archived log files can be viewed by selecting the relevant file(s) from the list of file names and clicking View. You can filter the log files by entering a word(s) or regular expression in the filter field and clicking View.

Note: If you use quotes in regular expressions in the LoadMaster WUI, there are limitations. You should consider using the API instead because those limitations do not exist in the API. For more information, refer to the section Limitations of Using Regular Expressions in the LoadMaster WUI.

Clear Extended Logs

Log files can be deleted by filtering on a specific date range, selecting one or more individual log files in the log file list, or selecting a specific log type (for example, connection, security, or user) in the log file list and clicking Clear. Click OK on any warning messages.

Save Extended Logs

Click the arrow to expand the options. Select a file type (for example, connection) or enter a date range. All extended logs can be saved to a file by clicking Save. This saves a file to your machine.

Specific log files can be saved by filtering on a specific date range, selecting one or more individual log files in the log file list or selecting a specific log type (for example connection, security or user) in the log file list and clicking Save.

Disable Local Extended ESP Logs

If Disable Local Extended ESP Logs is disabled (the default option), messages are written to the extended ESP logs expediently and are not sent to any remote syslog servers that are defined.

If Disable Local Extended ESP Logs is enabled, no messages are written to the extended ESP logs and messages are only sent to the remote logger (if one is defined). If a remote logger is not defined, no logs are recorded.

You can no longer configure the system to both populate the local extended ESP logs and send the same messages to remote syslog servers, as it was in previous releases.

Clear Temporary WAF Remote Log Data

Clear the temporary WAF remote log data.

Save Temporary WAF Remote Logs Data

Save the temporary WAF remote log data.