Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Expanded ESP User Logs

This article relates to LoadMaster firmware version 7.2.51.

In LoadMaster firmware version 7.2.51, the Edge Security Pack (ESP) user logs were expanded to be more useful and applicable to enterprise customers with extensive logging infrastructure. User Authentication, Authorization, and Accounting (AAA) information is included in the logs, including the time of request, username, domain, AAA server, AAA protocol type, AAA result, and error message.

To view, clear, and save the ESP user logs, go to System Configuration > Logging Options > Extended Log Files in the LoadMaster User Interface (UI).

Here is an example of these logs:

2020-06-23T17:18:09+01:00 AK-TEST-VLM ssomgr: vs=65 user=exampleuser server= protocol=LDAP Unencrypted result=0:Success


2020-06-23T17:15:49+01:00 AK-TEST-VLM ssomgr: vs=58 user=kpauto\exampleuser server= protocol=RADIUS result=1:Timeout


You can generate these logs in Common Event Format (CEF) by enabling the Use CEF Log Format check box in System Configuration > Miscellaneous Options > L7 Configuration. Here is an example of these CEF logs:

2020-06-23T16:58:57+01:00 AK-TEST-VLM ssomgr: CEF:0|Kemp|LM|1.0|20|User AAA|0|vs=65 user=exampleuser server= protocol=LDAP Unencrypted result=0:Success


2020-06-23T17:07:02+01:00 AK-TEST-VLM ssomgr: CEF:0|Kemp|LM|1.0|20|User AAA|0|vs=58 user=kpauto\ server= protocol=RADIUS and LDAP Unencrypted result=1:Timeout

All logs related to ESP that are produced by Layer7 (including the connection, security, and user logs) support CEF. All other logs produced by SSOMGR/Layer7 that are printed in /var/log/messages are not in CEF.