Environment
NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
NetIQ Access Manager Access Gateway
Situation
An administrator wants to log the SSL/TLS protocol version of every HTTP request coming into their Access Gateway servers. The HTTP logs provide a lot of flexibility in what can be logged, yet the logging options do not mention any details on SSL/TLS versions.
Resolution
Common or Extended HTTP logs record HTTP-level information; SSL/TLS sits in a layer below this and therefore cannot be logged there. There are, however, two workarounds that one could try:
1) Edit /etc/opt/novell/apache2/conf/httpd.conf
Uncomment the following lines and add %{SSL_PROTOCOL}x to the LogFormat line:
LogFormat "%h %l %u %t \"%r\" %>s %b %{SSL_PROTOCOL}x" common
CustomLog "/var/log/novell-apache2/access_log" common
More details are available from http://httpd.apache.org/docs/2.2/mod/mod_ssl.html (under CustomLog format section)
2) Add an advanced option in the PR where you want this additional log:
Include /etc/opt/novell/apache2/conf/mypr1.conf
Create this file with the following content before applying the change:
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a \"%{Cache-Control}o\" %L %B %X \"%{X-Forwarded-For}i\" %I \"%{ETag}o\" \"%{If-Range}o\" \"%{Range}o\" \"%{Content-Range}o\" \"%{Pragma}i\" \"%{Pragma}o\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x" mypr1
CustomLog "|\"/opt/novell/apache2/sbin/rotatelogs\" \"/var/log/novell/reverse/rp1/ps1-ps1.extended.log.%Y-%m-%d-%H_%M_%S\" 10M 7files" mypr1 env=ps1
With either option, you cannot have "extended logging" enabled for the PR. However, the statements above do what extended logging does, with the exception that you lose the ability to add or modify logging options from the Admin console.
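Once the protocol is in the log, it can be used to find clients that still negotiate old SSL/TLS versions. The following is an added example, not part of the original article or of the product: it parses lines in the option 1 "common" format and tallies the logged protocol per request. The sample lines are constructed, and the set of versions treated as legacy is an assumption to adjust to local policy.

```python
import re
from collections import Counter

# Matches the "common" LogFormat from option 1:
#   %h %l %u %t "%r" %>s %b %{SSL_PROTOCOL}x
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'(?P<proto>\S+)$'
)

# Assumption: which protocol versions count as legacy is a local policy choice.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def summarize(lines):
    """Return (requests per protocol, legacy protocol -> client hosts, unparsed count)."""
    counts, legacy_clients, unparsed = Counter(), {}, 0
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            unparsed += 1  # keep count so a format mismatch is noticed
            continue
        proto = m.group("proto")
        # %{SSL_PROTOCOL}x is logged as "-" when the request did not use SSL/TLS.
        if proto == "-":
            proto = "plain-http"
        counts[proto] += 1
        if proto in LEGACY:
            legacy_clients.setdefault(proto, set()).add(m.group("host"))
    return counts, legacy_clients, unparsed


# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    r'192.0.2.10 - - [12/Mar/2014:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 5120 TLSv1.2',
    r'192.0.2.10 - alice [12/Mar/2014:10:01:05 +0000] "GET /q?x=\"1\" HTTP/1.1" 200 312 TLSv1.2',
    r'198.51.100.7 - - [12/Mar/2014:10:02:11 +0000] "POST /login HTTP/1.1" 302 - TLSv1',
    r'203.0.113.44 - - [12/Mar/2014:10:03:40 +0000] "GET / HTTP/1.0" 200 1043 SSLv3',
    r'203.0.113.44 - - [12/Mar/2014:10:03:41 +0000] "GET / HTTP/1.0" 301 - -',
    'truncated line without fields',
]

if __name__ == "__main__":
    counts, legacy_clients, unparsed = summarize(SAMPLE)
    for proto, n in counts.most_common():
        print(f"{proto:12} {n}")
    for proto, hosts in sorted(legacy_clients.items()):
        print(f"legacy {proto}: {', '.join(sorted(hosts))}")
    print(f"unparsed lines: {unparsed}")
```

To run it against a real log, pass an open file object for /var/log/novell-apache2/access_log to summarize() instead of SAMPLE.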