Enable SSOMGR Debug Traces
- Last Updated: October 8, 2024
Enabling this option will record any login attempts to the SSO domains configured on the LoadMaster. When this option is enabled, the SSOMGR traces are printed in the main syslog file.
The syslogs are rotated by day and by size: every day at midnight, or when the size reaches 10MB. Rotated files older than seven days are automatically removed.
To view, clear, and save these logs, go to System Configuration > Logging Options > System Log Files in the LoadMaster User Interface (UI).
ESP User Logs
To view, clear, and save the ESP user logs, go to System Configuration > Logging Options > Extended Log Files in the LoadMaster User Interface (UI).
Here is an example of these logs:
2021-09-08T07:34:22-04:00 lb100 ssomgr: vs=10.35.46.240:80 user=mgupta@kpauto.net domain=kempqaesp.net server=172.20.7.170 protocol=LDAP Unencrypted result=0:Success
...
2021-09-08T08:08:40-04:00 lb100 ssomgr: vs=10.35.46.240:80 user=mgupta@kpauto.net domain=KPAUTO.NET msg=Deleted expired user session, start time:1631102854 duration:66 seconds
You can generate these logs in Common Event Format (CEF) by enabling the Use CEF Log Format check box in System Configuration > Miscellaneous Options > L7 Configuration. Here is an example of these CEF logs:
2021-09-08T07:17:15-04:00 lb100 ssomgr: CEF:0|Kemp|LM|1.0|100|User AAA|0|vs=10.35.46.240:80 event=User AAA user=mgupta@kpauto.net domain=kempqaesp.net server=172.20.7.170 protocol=LDAP Unencrypted result=0:Success
...
2021-09-08T07:32:22-04:00 lb100 ssomgr: CEF:0|Kemp|LM|1.0|101|User session timeout|0|vs=10.35.46.240:80 event=User session timeout user=mgupta@kpauto.net domain=KPAUTO.NET msg=Deleted expired user session, start time:1631099835 duration:906 seconds
In LoadMaster firmware version 7.2.53, the ESP client session logging was further enhanced. The LoadMaster logs:
- The initially created ESP session.
CEF:0|Kemp|LM|1.0|8|Logged on|1|vs=10.35.46.157:443 event=Logged on srcip=10.35.2.45 user=mgupta@kempqaesp.net msg=logged on
- The time when the LoadMaster cleared the session from the cache. Note that if the entire cache is cleared, a single log message is recorded at the time of clearing, which notes that all existing sessions at that time were cleared from the cache.
CEF:0|Kemp|LM|1.0|104|Flush SSO cache|1|event=Flush SSO cache msg=SSO cache being flushed user sessions:1 cookie sessions:0
- The deletion of an ESP session (when the user logs out from the application, when the session expires, or the user enters invalid credentials). The time when the LoadMaster cleared the session is also logged.
CEF:0|Kemp|LM|1.0|101|User session timeout|0|vs=10.35.46.242:443 event=User session timeout user=mohit@parent.net domain=MULLTIDOMAIN msg=Deleted expired user session, start time:1629182393 duration:69 seconds
CEF:0|Kemp|LM|1.0|102|User session kill|0|vs=10.35.46.235:443 event=User session kill user=mohit@parent.net domain=MULLTIDOMAIN msg=Deleted user session, start time:1629378587 duration:8 seconds
CEF:0|Kemp|LM|1.0|103|Kill all sessions|0|event=Kill all sessions domain=MULLTIDOMAIN msg=Deleted 1 user session(s) associated with domain
All logs related to ESP that are produced by the LoadMaster application running over Layer7 (including the connection, security, and user logs) support CEF. All other LoadMaster logs do not support CEF format – including logs produced by enabling the Enable SSOMGR Debug Traces option (which are printed in /var/log/messages).
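A parser for the CEF lines shown above, as an added example that is not part of the LoadMaster documentation: it splits the CEF header, reads the key=value extension (values such as "LDAP Unencrypted" contain spaces), and converts the start time and duration in session-deletion messages into a UTC window. The function and variable names are hypothetical, and it assumes values contain no escaped | or = characters, as in the samples on this page.

```python
import re
from datetime import datetime, timezone

# Sample lines copied from the CEF examples on this page.
SAMPLE_LINES = [
    "2021-09-08T07:17:15-04:00 lb100 ssomgr: CEF:0|Kemp|LM|1.0|100|User AAA|0|vs=10.35.46.240:80 event=User AAA user=mgupta@kpauto.net domain=kempqaesp.net server=172.20.7.170 protocol=LDAP Unencrypted result=0:Success",
    "2021-09-08T07:32:22-04:00 lb100 ssomgr: CEF:0|Kemp|LM|1.0|101|User session timeout|0|vs=10.35.46.240:80 event=User session timeout user=mgupta@kpauto.net domain=KPAUTO.NET msg=Deleted expired user session, start time:1631099835 duration:906 seconds",
    "CEF:0|Kemp|LM|1.0|104|Flush SSO cache|1|event=Flush SSO cache msg=SSO cache being flushed user sessions:1 cookie sessions:0",
]

HEADER = ("cef_version", "vendor", "product", "version", "event_id", "name", "severity")
# A value runs until the next " key=" token or end of line, so values may contain spaces.
# Assumption: no escaped '|' or '=' inside values (true for the samples above).
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
SESSION_RE = re.compile(r"start time:(\d+) duration:(\d+) seconds")


def parse_cef(line):
    """Return a dict of CEF header and extension fields, or None if the line is not CEF."""
    pos = line.find("CEF:")
    if pos < 0:
        return None
    parts = line[pos + 4:].split("|", 7)  # 7 header fields, then the extension
    if len(parts) != 8:
        return None
    record = dict(zip(HEADER, parts[:7]))
    record["syslog_prefix"] = line[:pos].strip()  # empty when no syslog header is present
    record["ext"] = {k: v.strip() for k, v in EXT_RE.findall(parts[7])}
    return record


def session_window(record):
    """For session-deletion events, return (start, end) as UTC datetimes, else None."""
    m = SESSION_RE.search(record["ext"].get("msg", ""))
    if not m:
        return None
    start, duration = int(m.group(1)), int(m.group(2))
    return (datetime.fromtimestamp(start, timezone.utc),
            datetime.fromtimestamp(start + duration, timezone.utc))


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_cef(line)
        print(rec["event_id"], rec["name"], rec["ext"], session_window(rec))
```

For the second sample line, the computed window starts at 11:17:15 UTC, which matches the 07:17:15-04:00 timestamp of the User AAA line for the same user, so the two events can be correlated into one session.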