Log Virtual Service Connections Using ESP without authentication

Summary:

ESP can be used to log connections to a virtual service by IP even if ESP is not used for user authentication.

 

Details:

Enable ESP on the relevant virtual service and under ESP logging enable "Connection". Then Set Client Authentication mode to "Delegate to server" (in previuos firmware this is "none") and enter your "Allowed Virtual Hosts, multiple hosts can be specified, using space separated.

Under "Allowed Virtual Directories" use "/*".  And under Pre-Authorization Excluded Directories  use "/*"

This means all requests will be pre-excluded and therefore passed to the server, however the option under ESP logging will ensure all connections are logged by IP address.

 

Logs can be viewed under

Logging Options-Extended Log files - ESP Connection Log.

 

Was this article helpful?

0 out of 0 found this helpful

Comments

Avatar
its-netsvcs

Those options don't appear to be available for me.

Avatar
Justin Federico

@its-netsvcs

You will not be able to see the ESP Options if your virtual service is for HTTPS and you do not have SSL Acceleration enabled under SSL Properties. If this does not apply to your issue please reach out to our support team by clicking the "Contact Support" link.

Avatar
Mark Hoffmann -- Technical Product Manager

Hi and thanks for posting,

I've added your vote to the existing feature request for visibility into connecting client IPs and server-side NATs in the LoadMaster log. I will post here again when this feature is taken into a release.

Best regards,
Mark

Avatar
infrastructure

Setting this stops my users from logging into the RDP server behind the NAT. If I take it off the users can log in fine. I need to know what time and what IP address is logging into RDP server. Is there any other way to log connections?

 

UPDATE: If I log at  a VS level its ok, its just if I set this as  SubVS level it stops the users log in.

Thanks in advnace

Andrew

Edited by infrastructure