Access Gateway httpheader and error_log files missing large number of entries

  • 7018314
  • 22-Nov-2016
  • 22-Nov-2016

Environment

NetIQ Access Manager 4.3
NetIQ Access Manager 4.2
NetIQ Access Gateway
Red Hat Enterprise Linux Server 6

Situation

Access Manager 4.2 components (Admin Console, Identity Server and Access Gateway) running on Red Hat Enterprise Server 6.6. As part of a troubleshooting exercise, the administrator added some Access Gateway Advanced options to log HTTP headers of requests in and out of the Access Gateway (AG), as well as set the Apache LogLevel to debug to log more information about each request.

After enabling these log settings and looking at the logs under /var/log/novell-apache2/, only a fraction of the events were logged to both the httpheaders and error_log files. Not only that, but we could only see the requests from the client to the proxy, but not from the proxy to the webserver.

Resolution

Disable rsyslog rate limiting using the following steps :

1.Edit /etc/rsyslog.conf

2.Add the following parameters under "$ModLoad imuxsock # needs to be done just once" section.

Raw
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
$IMUXSockRateLimitBurst 0
$IMUXSockRateLimitInterval 0
$IMUXSockRateLimitSeverity 7

3.Restart rsyslog:

# service rsyslog restart

Additional Information

More details about the parameters mentioned above:

$SystemLogRateLimitInterval [number]
$SystemLogRateLimitBurst [number]

The SystemLogRateLimitInterval determines the amount of time that is being measured for rate limiting. By default this is set to 5 seconds. The SystemLogRateLimitBurst defines the amount of messages, that have to occur in the time limit of SystemLogRateLimitInterval, to trigger rate limiting. Here, the default is 200 messages. For creating a more effective test, we will alter the default values.

 $IMUXSockRateLimitBurst [number] - equivalent to: RateLimit.Burst, specifies the rate-limiting burst in number of messages. Default is 200.

 $IMUXSockRateLimitSeverity [numerical severity] - equivalent to: RateLimit.Severity, which specifies the severity of messages that shall be rate-limited.