Environment
NetIQ Access Manager 4.2
NetIQ Access Gateway
Red Hat Enterprise Linux Server 6
Situation
After enabling these log settings and looking at the logs under /var/log/novell-apache2/, only a fraction of the events were logged to both the httpheaders and error_log files. Not only that, but we could only see the requests from the client to the proxy, but not from the proxy to the webserver.
Resolution
Disable rsyslog rate limiting using the following steps :
1.Edit /etc/rsyslog.conf
2.Add the following parameters under "$ModLoad imuxsock # needs to be done just once" section.
Raw
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
$IMUXSockRateLimitBurst 0
$IMUXSockRateLimitInterval 0
$IMUXSockRateLimitSeverity 7
3.Restart rsyslog:
# service rsyslog restartAdditional Information
More details about the parameters mentioned above:
$SystemLogRateLimitInterval [number]$SystemLogRateLimitBurst [number]
The SystemLogRateLimitInterval determines the amount of time that is being measured for rate limiting. By default this is set to 5 seconds. The SystemLogRateLimitBurst defines the amount of messages, that have to occur in the time limit of SystemLogRateLimitInterval, to trigger rate limiting. Here, the default is 200 messages. For creating a more effective test, we will alter the default values.
$IMUXSockRateLimitBurst [number] - equivalent to: RateLimit.Burst, specifies the rate-limiting burst in number of messages. Default is 200.
$IMUXSockRateLimitSeverity [numerical severity] - equivalent to: RateLimit.Severity, which specifies the severity of messages that shall be rate-limited.