Extended logging not logging the X-Forwarded-For status field

  • 7013270
  • 12-Sep-2013
  • 18-Sep-2013


NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Access GAteway
HTTP extended logging enabled on Proxy service


Access Gateway HTTP logging is enabled where one of the goals is to monitor the X-Forwarded-For HTTP header value in all incoming requests. This X-Forwarded-For flag is enabled on the extended HTTP logging profile but no log fields for the header appear in the log files - all other requested fields are logged.

To duplicate:

- Enabled extended HTTP logging for proxy service that dumps the X-Forwarded-For header
- apply changes
- Access URL under the proxy with extended logging making sure
- view the extended log generated and not that there is no cache status

2013-07-16 13:55:53 public GET /formfill/phpinfo.php 302 164 "-" "-" "-"
2013-07-16 13:56:00 cn=ncashell,o=novell GET /formfill/phpinfo.php 200 4840 "-" "-" ""
2013-07-16 13:56:43 cn=ncashell,o=novell GET /formfill/phpinfo.php 200 4762 "-" "-" ""
2013-07-16 13:56:44 cn=ncashell,o=novell GET /formfill/phpinfo.php 200 4741 "-" "-" ""
2013-07-16 13:56:45 cn=ncashell,o=novell GET /formfill/phpinfo.php 200 4764 "-" "-" ""

The same operation on the 3.1 LAG worked great.
Looking at the config file with the logging setup at /etc/opt/novell/apache2/conf/vhosts.d/nam32vm-pxy-srvc.conf, the LogFormat does indicate a reference to the X-Forwarded-For header

LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %<u %A %m %U %>s %B \"%{Referer}i\" \"%{x-forward-for}i\" \"%{BALANCER_WORKER_IP}e\"" nam32vm-pxy-srvc-nam32vm- pxy-srvc
CustomLog "|\"/opt/novell/apache2/sbin/rotatelogs\" \"/var/log/novell/reverse/nam32mag-vm-revproxy/nam32vm-pxy-srvc-nam32vm-pxy-srvc.extended.log.%Y -%m-%d-%H_%M_%S\" 3600 7files" nam32vm-pxy-srvc-nam32vm-pxy-srvc env=nam32vm-pxy-srvc

Here is the sampe HTTP request that I generated

(Request-Line) GET /formfill/phpinfo.php HTTP/1.1
Host nam32app-vm.lab.novell.com
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us
Accept-Encoding gzip, deflate
Referer https://nam32app-vm.lab.novell.com
Cookie __utma=64695856.1854549277.1373976067.1373976067.1373976067.1; __utmz=64695856.1373976067.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); novell_language=en-us; SESS7fc2d76e982b2b18cf941912c33a751e=92kpvpbj2o86khhu91n1enj2g5; novell_temp_lang=en-us; ZNPCQ003-38343200=cec434a7; lb_snovell=OKODEBIJ; ZNPCQ003-36383700=47f21c8a; ZNPCQ003-32393600=ce2ade55; lb_novell=NOODEBIJ; novell_search_campaign=; novell_search_paid_keyword=; IPCZQX03bafce9af=01005f0093022f2d0bccb9c841d647d9ca59cdc5; ZNPCQ003-31353600=a1b14cc2;IPCZQX03bafce9af=01005f0093022f2d0bccb9c841d647d9ca59cdc5
X-MagDebug 1
Authorization Basic YWRtaW46bm92ZWxsMTIz
Connection keep-alive
Pragma no-cache
Cache-Control no-cache


Fixed in 3.2.2 IR1