How to enable L25 debug traces from the LoadMaster's WUI
How to enable L25 debug traces from the LoadMaster's WUI using the Extended Logs
Application: HTTP(S) based applications
How to enable L25 debug traces to inspect HTTPS traffic in clear text when a packet capture is not possible through the LoadMaster
Steps to Reproduce:
Cause: When SSL Acceleration is enabled and it is also set to reencrypt, a packet capture is not the most feasible option to inspect traffic through the LoadMaster since HTTP requests and responses are encrypted end-to-end.
NOTE: Enabling L25 debug logs may expose sensitive information.
Extended Debug logs need to be enabled before enabling L25 logs. To enable them, go to System Configuration > Logging Options > System Log Files > Debug Options > Enable Extended Debug.
L25 debug traces can be enabled by going to Virtual Services > View/Modify Services > Modify > Extended Debug > Full Debug + HTTP Headers.
By default, the logs will look like the following:
2022-10-11T18:03:38+00:00 lb100 kernel: L7: ffff88806f389d10: RS 10.67.48.140:80 aconns 0 refcnt 2 weight 1000 2
As shown above, even though L25 logs are enabled, the logs do not show the actual HTTP requests coming from the client. This is because L25 only works if the LoadMaster (LM) is doing something to process the HTTP request. With kernel-level request processing, nothing is seen in the logs: without invoking the L7 engine, the LM acts as a simple request forwarder.
To get the L7 engine involved, Super HTTP or Active Cookie can be used as persistence methods, or something as simple as setting an HTTP error code in the Not Available Redirection Handling section will do (most options in Advanced Properties will invoke the L7 engine).
Once these changes are reflected, the logs will look like the following:
2022-10-11T18:06:42+00:00 lb100 kernel: L7: ffff88807041cd10: SSL accept on 10.67.48.150:443 from 10.248.3.29:61806 (0) 2
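To check an exported log for the change described above, the following added example (not part of the original article or of LoadMaster itself) classifies the two L7 line shapes quoted on this page. It assumes the prefix layout seen in those two lines, treats any other L7 message as "other", and uses the presence of an "SSL accept" line as a heuristic that the L7 engine is handling connections.

```python
import re
from collections import Counter

# Constructed sample: the two log lines quoted on this page plus one made-up non-L7 line.
SAMPLE_LOG = """\
2022-10-11T18:03:38+00:00 lb100 kernel: L7: ffff88806f389d10: RS 10.67.48.140:80 aconns 0 refcnt 2 weight 1000 2
2022-10-11T18:06:42+00:00 lb100 kernel: L7: ffff88807041cd10: SSL accept on 10.67.48.150:443 from 10.248.3.29:61806 (0) 2
2022-10-11T18:06:43+00:00 lb100 sshd[412]: constructed non-L7 line
"""

# Prefix shared by both quoted lines: timestamp, host, "kernel: L7:", a hex token, message.
L7_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: L7: (?P<token>[0-9a-f]+): (?P<msg>.*)$")
# Message shapes taken from the two lines on this page; anything else is "other".
SHAPES = {
    "rs_status": re.compile(r"^RS (?P<rs>\S+) aconns (?P<aconns>\d+) "),
    "ssl_accept": re.compile(r"^SSL accept on (?P<vip>\S+) from (?P<client>\S+) "),
}

def parse_line(line):
    """Return a dict for an L7 debug line, or None for any other syslog line."""
    m = L7_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["kind"] = "other"
    for kind, shape in SHAPES.items():
        hit = shape.match(rec["msg"])
        if hit:
            rec["kind"] = kind
            rec.update(hit.groupdict())
            break
    return rec

def summarize(text):
    """Count L7 line kinds and collect (vip, client) pairs from SSL accepts."""
    kinds, accepts = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kinds[rec["kind"]] += 1
        if rec["kind"] == "ssl_accept":
            accepts.append((rec["vip"], rec["client"]))
    return kinds, accepts

def l7_engine_engaged(text):
    """Heuristic (assumption): an SSL accept line means the L7 engine sees connections."""
    return summarize(text)[0]["ssl_accept"] > 0

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), l7_engine_engaged(SAMPLE_LOG))
```

Because the note above warns that L25 logs may expose sensitive information, run a check like this on a copy of the log kept under the same access controls as the original.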