How to log Virtual Service Connections using ESP
Summary:
ESP (Edge Security Pack) can be used to log connections to a virtual service by Client Source IP address, even if ESP is not used for user authentication.
Details:
Enable ESP on the relevant virtual service and under ESP logging enable "Connection". Then Set Client Authentication mode to "Delegate to server" (in previous firmware this is "none") and enter your "Allowed Virtual Hosts, multiple hosts can be specified, using space-separated.
Under "Allowed Virtual Directories" use "/*".
This means all requests will be pre-excluded and therefore passed to the server. However, the option under ESP logging will ensure all connections are logged by the Client IP address.
Logs can be viewed under
Logging Options > Extended Log files > ESP Connection Log.
Comments

@its-netsvcs
You will not be able to see the ESP Options if your virtual service is for HTTPS and you do not have SSL Acceleration enabled under SSL Properties. If this does not apply to your issue please reach out to our support team by clicking the "Contact Support" link.

Hi and thanks for posting,
I've added your vote to the existing feature request for visibility into connecting client IPs and server-side NATs in the LoadMaster log. I will post here again when this feature is taken into a release.
Best regards,
Mark

Setting this stops my users from logging into the RDP server behind the NAT. If I take it off the users can log in fine. I need to know what time and what IP address is logging into RDP server. Is there any other way to log connections?
UPDATE: If I log at a VS level its ok, its just if I set this as SubVS level it stops the users log in.
Thanks in advnace
Andrew

Hi, although I activate ESP logs last week I can only see logs from a few hours before. How can I use it to monitor all the connections to my virtual services and keep an historical log? is there any possibility to send the log file to another remote log server?
Thank you very much

In case this helps anyone else that is just trying to use ESP for logging only, I found the following to be helpful:
- You can use *.* in the allowed virtual hosts to allow all. I tried different variations (*, .*, etc.) before landing on this one.
- These logs can be sent to a syslog destination by following the instructions here: https://support.kemptechnologies.com/hc/en-us/articles/6942631788685-Export-Connection-Logs
- You can also enable CEF format for the logs.
Ben Granholm
Those options don't appear to be available for me.