The Extended Log Files screen provides options for logs relating to the ESP feature.

The ESP and WAF audit logs are rotated every 30 days (older logs are removed). WAF remote logs are rotated every seven days.

Note: If debug logging is enabled, it is possible that sensitive information may appear in the logs. If you are concerned by this, clear all the logs immediately after disabling debug logging.

To get to the Extended Log Files screen – in the LoadMaster WUI, go to System Configuration > Logging Options > Extended Log Files.

Disk Usage - This section provides an indication of the percentage used/free of the log partition. Color-coding is used to highlight different usage levels:

  • 0% to 50%: green
  • 50% to 90%: orange
  • 90% to 100%: red

There are multiple log files relating to ESP stored on the LoadMaster. These are listed below the Disk Usage section. These logs are persistent across LoadMaster reboots.

You can select one of the View or Save Action buttons with the default filter options to apply the action to the various log files (Connection Logs, Security Logs, and so on). For the Clear button, you must first select which logs to clear using the Selection controls.

To access the Selection Controls, click one of the right caret icons at the right of the buttons. For example, clicking on the icon to the right of the Clear and Save buttons, displays these controls.

You can filter the logs to clear or save by date, using the from and to controls, and also select a subset of log files from the multiple pick list on the right.

  • ESP Connection Logs: logs recording each connection
  • ESP Security Logs: logs recording all security alerts
  • ESP User Logs: logs recording all user logins. If the user is known, the URL which is being accessed by the user is recorded in the user log.

In LoadMaster firmware version 7.2.51, ESP user logs were expanded to be more useful and applicable to enterprise customers with extensive logging infrastructure. User Authentication, Authorization, and Accounting (AAA) information is included in the logs, including the time of request, username, domain, AAA server, AAA protocol type, AAA result, and error message. For further details, refer to the section Enable SSOMGR Debug Traces.

In LoadMaster firmware version 7.2.53, the ESP client session logging was further enhanced. The LoadMaster logs:

  • The time when the LoadMaster cleared the session from the cache. Note that if the entire cache is cleared, a single log message is recorded at the time of clearing, which notes that all existing sessions at that time were cleared form the cache.

  • If an ESP session is deleted (when the user logs out from the application, when the session expires, or the user enters invalid credentials). The time of when the LoadMaster cleared the session is also logged.

To view the logs, select the relevant options and click View. For more information, refer the section Extended Log Files of the Web User Interface (WUI) Confuguration Guide.

Some of the logs can be filtered by a number of methods. To filter log messages by date, select the relevant dates in from and to fields and click View.

When selecting dates for ESP logs, include the next date in the list to include all records for the desired dates (because the next day file may contain logs for the previous date).

It is possible to view logs for as far back as they have been stored. By default, logs are stored for the last 30 days. One or more archived log files can be viewed by selecting the relevant file(s) from the list of file names and clicking View. The logs can be filtered by entering a word(s) or regular expression in the filter field and clicking View.

Clear Extended Logs

Extended logs can be deleted by first selecting the logs to remove and then clicking the Clear button. An error is returned if you don’t select the logs to remove first. Optionally, you also use the from and to controls to remove logs for a specific date range.

Save Extended Logs

Click the arrow to expand the options. Select a file type (for example, connection) or enter a date range. Click the Save button. This saves a file to your machine.

Specific log files can be saved by filtering on a specific date range, selecting one or more individual log files in the log file list or selecting a specific log type (for example connection, security or user) in the log file list and clicking Save.

Note: For further information on the ESP logs, refer to the ESP Logs Technical Note.

Disable Local Extended ESP Logs

If Disable Local Extended ESP Logs is disabled (the default option), messages are written to the extended ESP logs expediently and are not sent to any remote syslog servers that are defined.

If Disable Local Extended ESP Logs is enabled, no messages are written to the extended ESP logs and messages are only sent to the remote logger (if one is defined). If a remote logger is not defined, no logs are recorded.

You can no longer configure the system to both populate the local extended ESP logs and send the same messages to remote syslog servers, as it was in previous releases.