LoadMaster Extended Log Files



This article provides insight into the Extended Log Files that you can find and review on your LoadMaster.


Extended Logs

A. Connection Logs

B. Security Logs

C. User Logs


A. Connection Logs

The Connection Logs are used to determine when a connection was established to a specific Edge Security Pack (ESP) service and from what origin (client and port) the connection came.


B. Security Logs

The Security Logs show some attacks, as well as the use of a host name or directory that is not allowed.

In the example below, the Allowed Virtual Hosts have been set to mail.foxworld.loc (so anything other than the set host name is blocked) but the client used the Virtual Service IP address instead of a host name and got blocked as expected. This resulted in an access denied response.



In the example below, the Allowed Virtual Directories has either not been set at all or has been set to a different directory, so the client received an access denied error.


On firmware versions below, logs like the ones below were recorded when special characters were set in the SSO Greeting Message for the ESP Image Set.

Sep 8 10:45:46 KEMP01 l7log: Attempted XSS attack on from (dtcode 7) 
Sep 8 10:47:02 KEMP01 l7log: Attempted XSS attack on from (dtcode 7) 
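
The following is an added example, not part of the original article or of the LoadMaster product: a small Python parser that pulls these XSS entries out of a syslog stream and summarizes them per host and dtcode for review. The address fields are blank in the lines above, so the sketch treats them as optional; the filled-in addresses and the unrelated entry in SAMPLE are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message text and syslog prefix as shown on this page. The address fields are blank
# there, so both are optional; one non-space token per field is an assumption.
XSS_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"l7log: Attempted XSS attack on (?:(?P<target>\S+) )?"
    r"from (?:(?P<source>\S+) )?\(dtcode (?P<dtcode>\d+)\)\s*$"
)

def parse_xss_events(lines):
    """Return one dict per XSS log line; all other lines are skipped."""
    events = []
    for line in lines:
        m = XSS_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # Syslog timestamps carry no year; 2000 is a placeholder, not a real date.
        ts = " ".join(ev.pop("ts").split())
        ev["time"] = datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")
        ev["dtcode"] = int(ev["dtcode"])
        events.append(ev)
    return events

def summarize(events):
    """Group by (host, dtcode): count, first/last time, distinct source fields."""
    out = defaultdict(lambda: {"count": 0, "first": None, "last": None, "sources": set()})
    for ev in events:
        s = out[(ev["host"], ev["dtcode"])]
        s["count"] += 1
        s["first"] = min(s["first"] or ev["time"], ev["time"])
        s["last"] = max(s["last"] or ev["time"], ev["time"])
        if ev["source"]:
            s["sources"].add(ev["source"])
    return dict(out)

SAMPLE = [
    "Sep 8 10:45:46 KEMP01 l7log: Attempted XSS attack on from (dtcode 7) ",  # from this page
    "Sep 8 10:47:02 KEMP01 l7log: Attempted XSS attack on from (dtcode 7) ",  # from this page
    # Constructed lines: filled-in address fields (assumed layout) and an unrelated entry.
    "Sep  8 10:48:30 KEMP01 l7log: Attempted XSS attack on 192.0.2.10 from 198.51.100.7 (dtcode 7)",
    "Sep  8 10:49:00 KEMP01 sshd: constructed unrelated line",
]

if __name__ == "__main__":
    for key, s in summarize(parse_xss_events(SAMPLE)).items():
        print(key, s["count"], s["first"].time(), s["last"].time(), sorted(s["sources"]))
```
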


C. User Logs

The User Logs reveal the source IP address, the username, and where the user went after logon.

You can only see a username here if the LoadMaster has been actively involved in the authentication, either with Forms Based or Basic Authentication.

The example below shows that the user administrator@foxworld.loc has successfully authenticated to their Exchange mailbox. The last highlighted line is the log for a successful logout.


This sample shows the log message for the user mmaxwell, who was denied access. There may be multiple reasons for this. The credentials (username and password) could have been incorrect. Or, if permitted groups are set, this user might not be part of the permitted groups.

Note: If you use a LoadMaster firmware version below 7.2.37, this log message also appears for expired passwords.



The example below shows that the user mmaxwell has an expired password and must reset it.

The two lines below reveal that the user did request the password reset and would then be able to log on properly again.




