Expanded ESP User Logs
This article relates to LoadMaster firmware version 7.2.51.
In LoadMaster firmware version 7.2.51, the Edge Security Pack (ESP) user logs were expanded to be more useful and applicable to enterprise customers with extensive logging infrastructure. User Authentication, Authorization, and Accounting (AAA) information is included in the logs, including the time of request, username, domain, AAA server, AAA protocol type, AAA result, and error message.
To view, clear, and save the ESP user logs, go to System Configuration > Logging Options > Extended Log Files in the LoadMaster User Interface (UI).
Here is an example of these logs:
2020-06-23T17:18:09+01:00 AK-TEST-VLM ssomgr: vs=65 user=exampleuser domain=kpauto.net server=172.20.7.170 protocol=LDAP Unencrypted result=0:Success
2020-06-23T17:15:49+01:00 AK-TEST-VLM ssomgr: vs=58 user=kpauto\exampleuser domain=kpauto.net server=172.20.7.170 protocol=RADIUS result=1:Timeout
You can generate these logs in Common Event Format (CEF) by enabling the Use CEF Log Format check box in System Configuration > Miscellaneous Options > L7 Configuration. Here is an example of these CEF logs:
2020-06-23T16:58:57+01:00 AK-TEST-VLM ssomgr: CEF:0|Kemp|LM|1.0|20|User AAA|0|vs=65 user=exampleuser domain=kpauto.net server=172.20.7.170 protocol=LDAP Unencrypted result=0:Success
2020-06-23T17:07:02+01:00 AK-TEST-VLM ssomgr: CEF:0|Kemp|LM|1.0|20|User AAA|0|vs=58 user=kpauto\ domain=kpauto.net server=172.20.7.170 protocol=RADIUS and LDAP Unencrypted result=1:Timeout
All logs related to ESP that are produced by Layer7 (including the connection, security, and user logs) support CEF. All other logs produced by SSOMGR/Layer7 that are printed in /var/log/messages are not in CEF.