Access Manager not logging common or extended HTTP traffic when SSL configured

  • 7000095
  • 18-Apr-2008
  • 26-Apr-2012

Environment

Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Support Pack 2 applied

Situation

A Linux Access Gateway is set up with multiple reverse proxies, some using HTTP and others using SSL. Each defined proxy service has common and/or extended logging enabled with the default logging profiles. When users browse accelerated Web servers through the proxy, only the HTTP-enabled proxies consistently get entries added to their common and/or extended log files. Of the SSL-enabled proxies, only the first one created, or the Enterprise service provider proxy (if it is SSL enabled), has entries added to its log files. The remaining SSL proxy services get no log entries at all.

Looking at an example setup:

## reboot of lag with appropriate settings in place
## 3 reverse proxies:
## accessjoe (ssl,log_on-not_working)
## portal (no_ssl,log_on-working)
## webstor (ssl,esp,log_on-working)
##
## ssh to lag
##

joewam-agw:~ # date; lsof +D /var/log/novell/reverse
Tue Apr 8 12:55:40 CDT 2008
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ics_dyn 5566 root 22u REG 8,6 0 1925 /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
ics_dyn 5566 root 26u REG 8,6 0 1971 /var/log/novell/reverse/webstor_fv_org/http-reverse/webstor_fv_org/common/080408.log

## verify current logging behavior
## hit portal @~13:03:0x_CDT

joewam-agw:~ # tail /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
192.168.10.86 - - [08/Apr/2008:18:02:35 -0500] "GET http://portal.fview.org/ HTTP/1.1" 200 3299
192.168.10.86 - - [08/Apr/2008:18:02:56 -0500] "GET http://portal.fview.org/nps/HCheck.jsp?verifylogging HTTP/1.1" 200 41
192.168.10.86 - - [08/Apr/2008:18:02:56 -0500] "GET http://portal.fview.org/favicon.ico HTTP/1.1" 404 988
192.168.10.86 - - [08/Apr/2008:18:02:56 -0500] "GET http://portal.fview.org/favicon.ico HTTP/1.1" 404 988

## hit accessjoe @~13:06:4x_CDT
## no log, no data, no open file

joewam-agw:~ # tree -ifsD /var/log/novell/reverse/*fv_org |grep common.*8.log
[ 446 Apr 8 13:03]  /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
[ 0 Apr 8 12:43]  /var/log/novell/reverse/webstor_fv_org/http-reverse/webstor_fv_org/common/080408.log
joewam-agw:~ # date; lsof +D /var/log/novell/reverse
Tue Apr 8 13:09:05 CDT 2008
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ics_dyn 5566 root 22u REG 8,6 446 1925 /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
ics_dyn 5566 root 26u REG 8,6 0 1971 /var/log/novell/reverse/webstor_fv_org/http-reverse/webstor_fv_org/common/080408.log

## hit portal @~13:09:4x_CDT

joewam-agw:~ # tail /var/log/novell/reverse/webstor_fv_org/http-reverse/webstor_fv_org/common/080408.log
192.168.10.86 - - [08/Apr/2008:18:09:43 -0500] "GET https://webstor.fview.org:443/?verifylogging HTTP/1.1" 200 1159
192.168.10.86 - - [08/Apr/2008:18:09:43 -0500] "GET https://webstor.fview.org:443/webdisk/functions.js HTTP/1.1" 200 2974
192.168.10.86 - - [08/Apr/2008:18:09:43 -0500] "GET https://webstor.fview.org:443/webdisk/style.css HTTP/1.1" 200 3027

## hit portal @~13:17:1x_CDT
## from second ssh session:
joewam-agw:~ # tail -n 1 /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
192.168.10.86 - - [08/Apr/2008:18:13:49 -0500] "GET http://portal.fview.org/nps/HCheck.jsp?debugstartedbutnotcontinued HTTP/1.1" 200 41
https://webstor.fview.org:443/favicon.ico HTTP/1.1" 404 988

## apply update changing config to the following:
## accessjoe (ssl,esp,log_on-working)
## portal (no_ssl,log_on-working)
## webstor (ssl,log_on-notworking)

## from second ssh session:
joewam-agw:~ # lsof +D /var/log/novell/reverse
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ics_dyn 5566 root 22u REG 8,6 586 1925 /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
ics_dyn 5566 root 29u REG 8,6 0 1991 /var/log/novell/reverse/accessjoe_fv_org/http-reverse/accessjoe_fv_org/common/080408.log

## hit portal several times @~13:24:2x_CDT to 13:27
## hit accessjoe several times @~13:30:5x_CDT to 13:33
## hit webstor several times @~13:34:0x_CDT to 13:37
## portal & accessjoe weblog files still open, webstor still not.
## BUT, NO changes/additional data in any log file
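
The open-file check performed by hand above can be scripted to flag proxy services that are silently not logging. The following is an added example, not Novell's code: the function names, the list of expected service directories and the sample lsof input are assumptions constructed for illustration, modelled on the listing above.

```shell
#!/bin/sh
# Report reverse-proxy services whose common log is NOT held open by the
# gateway process, based on `lsof +D /var/log/novell/reverse` output.

LOG_ROOT=/var/log/novell/reverse

# open_services: read lsof output on stdin and print the service directory
# (first path component under LOG_ROOT) of each open .../common/*.log file.
# Works whether the path is the last column of a row or on a line of its own.
open_services() {
    awk -v root="$LOG_ROOT/" '
        {
            path = $NF
            if (index(path, root) != 1) next             # header or unrelated row
            if (path !~ "/common/[^/]+[.]log$") next     # only common logs
            rest = substr(path, length(root) + 1)
            split(rest, parts, "/")
            print parts[1]
        }' | sort -u
}

# missing_services: $1 = space-separated expected service directories,
# stdin = lsof output. Prints every expected service with no open common log.
missing_services() {
    open=$(open_services)
    for svc in $1; do
        printf '%s\n' "$open" | grep -qxF -- "$svc" || printf '%s\n' "$svc"
    done
}

# Constructed sample input (assumption): two of three services have open logs.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ics_dyn 5566 root 22u REG 8,6 446 1925 /var/log/novell/reverse/portal_fv_org/http-reverse/portal_fv_org/common/080408.log
ics_dyn 5566 root 26u REG 8,6 0 1971 /var/log/novell/reverse/webstor_fv_org/http-reverse/webstor_fv_org/common/080408.log
EOF
}

# Demo on the sample; on a gateway, pipe real `lsof +D "$LOG_ROOT"` output instead.
sample_lsof | missing_services "accessjoe_fv_org portal_fv_org webstor_fv_org"
```

An open file handle alone does not prove entries are being written (the last test above shows open files with no new data), so pair this with a check that each log's size grows after a test request.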

Resolution

Reported to development. Will be fixed in SP3 Interim Release 1 patch.