Beta Extended L7 Debug
This document relates to additional logging capabilities that enable debug and client trace logging at a per-Virtual Service (VS) level. Because this is a beta feature, only configuring using the Web User Interface (WUI) is supported, no Application Program Interface (API) functionality has been implemented.
There is a global debug option called Enable L7 Debug Traces that enables debugging on all Layer 7 (L7) connections. This global setting has precedence over the new Extended L7 debug feature capabilities outlined below.
This new beta feature allows additional logging capabilities that enables debug logging on a per-VS level and a further option to limit the logging by specifying the client IP address. All logs associated with this feature are recorded in the system messages file messages.txt.
You can enable this feature using the Enable Extended L7 Debug setting in the System Configuration > Logging Options > System Log Files > Debug Options page.
Enabling Extended L7 Debug does not start logging. By default, the L7 Debug Level is set to No Debug for all Virtual Services and SubVSs. To enable logging for a particular Virtual Service or SubVS, you must set the L7 Debug Level to Call Tracing or Full Debug in the Extended Debug section of the Virtual Service or SubVS modify screen.
Enabling Extended L7 Debug option can consume more resources and it is possible that some authorization parameters may be exposed. Only enable this option if recommended by Kemp Support.
When this option is enabled, the Extended Debug configuration item is made available to all VSs. When using Sub-Virtual Services (SubVSs), the Extended Debug settings are also inherited by the SubVS, so that a single call can be logged in its entirety. It is also possible to enable debug on only a single SubVS if required.
When Enable Extended L7 Debug is set, the Extended Debug options are available when configuring or modifying a VS. The options available are:
- L7 Debug Level: There are currently three levels available; No Debug, Call Tracing, and Full Debug. Call Tracing is a basic level log that displays most relevant operations, while Full Debug displays all available debug logs, which is the same as the global setting of Enable L7 Debug Traces but on a per-VS level.
In LoadMaster firmware version 7.2.53, a new value was added to the L7 Debug Level drop-down list called Full Debug + HTTP Headers.
Warning: Setting the L7 Debug Level to Full Debug + HTTP Headers may expose sensitive information.
- Client To Trace: It is also possible to limit the debug information even further by specifying a client IP address (you can specify an IPv4 or IPv6 address). If an address is specified, only connections coming from that specific client IP are logged/traced. This allows debugging capability from a single address.
This document was last updated on 22 February 2022.