Secure Mobile Access 12.4 Administration Guide

System Message Log

The system message log (/var/log/aventail/access_servers.log) is generated in syslog format (see RFC 3164) and contains message logs for the Web proxy service, the network tunnel service, and the policy server (an internal service that controls policy for the other services). It also provides detailed messages about all access control decisions: each time a user request matches a policy rule, a log file entry is recorded explaining the action taken.

This sample message log entry is followed by descriptions of its elements:

[08/Nov/2016:07:16:24.312477 +0000] E-Class SRASSLVPN 002764 up 00000001 Info System CFG Pool Init STATIC/NAT id=1 name='HQ-pool2' gid='AV1160554493976A' ndns=2 nwins=2 nsuffix=0

System message log fields
Field

Description

[08/Nov/2016:07:16:24.312477 +0000]

Precise timestamp

This timestamp indicates when the message was generated by the service (Web proxy, network tunnel, network proxy, or policy). This is a more accurate timestamp than the one generated by syslog because the logging system buffers messages before sending them to syslog.

E-Class SRASSLVPN

Appliance name

This name can be changed on the Network Settings page in AMC (on the Configure Basic Network Settings page).

002764

Process ID (PID)

Every application that is running is assigned a process ID. This PID identifies the application that generated the log entry.

up

Application ID

Identifies the server process that generated the message. The possible IDs are:

  • ap (API server)

  • cp (SMA distributed cache client: policy server, client credential storage)

  • dc (SMA distributed cache server: policy server, client credential storage)

  • ev (network tunnel service—kernel component)

  • ew (Web proxy service)

  • fm (failover monitor)

  • kp (network tunnel kernel mode policy server interface)

  • ks (network tunnel kernel mode interface to SSL daemon)

  • kt (kernel tunnel component)

  • ls (log server)

  • ps (policy service) (Also see Auditing Access Policy Decisions)

  • pt (ping/traceroute tools)

  • uk (unknown)

  • up (network tunnel policy server daemon)

  • us (network tunnel user space SSL daemon)

00000001

Context ID

The context ID is a unique value used to tie related logs from all four services (Web proxy, network tunnel, network proxy, policy, and WorkPlace) together. You can use the context ID to search for all messages related to a single user session. If a message is not tied to a particular user session, it is assigned a number lower than 00000010. The first digit of this ID indicates which service originally generated the session:

  • 0 (policy service)

  • 1 (Web proxy service)

  • 3 (WorkPlace service)

Info

Severity

The message severity levels are:

  • Error—A problem caused the server to shut down or fail to communicate with another component. A name resolution problem at startup is logged at this level.

  • Warning—Something unexpected occurred that does not adversely affect the operation of the server. For example, a single failed attempt to access a RADIUS server is logged at the Info level, but if all attempts fail, an entry is added to the log file at the Warning level.

  • Info—A normal event that you might want to track; for example, a specific user has logged in, or has matched a given access control rule.

  • Verbose—Like an Info message, this level identifies normal operations, but includes the steps in a process. For example, when processing access control rules a message for each non-match is at the Verbose level, while a matched rule is identified as Info.

System

Message type

Indicates what part of the server logged the message.

CFG Pool Init STATIC/NAT id=1 name='HQ-pool2' gid='AV1160554493976A' ndns=2 nwins=2 nsuffix=0

Message text

The text following all the identifying information is the message itself. See Auditing Access Policy Decisions for an explanation of the message text for access policy decisions.
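The field layout above can be turned into a parser that splits each entry and groups entries by context ID to reconstruct a user session. This is an added example, not code from the guide or the appliance. The field widths in the regular expression are inferred from the single sample entry, the names `parse_entry` and `by_session` are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field widths are inferred from the guide's single sample entry (assumption).
ENTRY = re.compile(
    r"\[(?P<ts>[^\]]+)\] (?P<appliance>.+?) (?P<pid>\d{6}) (?P<app>[a-z]{2}) "
    r"(?P<ctx>[0-9A-Fa-f]{8}) (?P<severity>Error|Warning|Info|Verbose) "
    r"(?P<type>\S+) (?P<text>.*)"
)
# First context-ID digit -> service that originally generated the session.
ORIGIN = {"0": "policy service", "1": "Web proxy service", "3": "WorkPlace service"}

def parse_entry(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = ENTRY.search(line)  # search() tolerates any prefix before the '['
    if m is None:
        return None
    e = m.groupdict()
    e["time"] = datetime.strptime(e.pop("ts"), "%d/%b/%Y:%H:%M:%S.%f %z")
    e["pid"] = int(e["pid"])
    # IDs lower than 00000010 are not tied to a user session; comparing the
    # fixed-width strings avoids assuming a number base.
    e["session"] = e["ctx"] >= "00000010"
    e["origin"] = ORIGIN.get(e["ctx"][0]) if e["session"] else None
    return e

def by_session(lines):
    """Group session-bound entries by context ID, ordered by precise timestamp."""
    sessions = defaultdict(list)
    for e in filter(None, map(parse_entry, lines)):
        if e["session"]:
            sessions[e["ctx"]].append(e)
    for entries in sessions.values():
        entries.sort(key=lambda e: e["time"])
    return dict(sessions)

# First line is the guide's sample; the other two are constructed for illustration.
SAMPLE = [
    "[08/Nov/2016:07:16:24.312477 +0000] E-Class SRASSLVPN 002764 up 00000001 Info System "
    "CFG Pool Init STATIC/NAT id=1 name='HQ-pool2' gid='AV1160554493976A' ndns=2 nwins=2 nsuffix=0",
    "[08/Nov/2016:07:20:02.000150 +0000] E-Class SRASSLVPN 002801 ps 10000042 Info System constructed text B",
    "[08/Nov/2016:07:20:01.998802 +0000] E-Class SRASSLVPN 002790 ew 10000042 Verbose System constructed text A",
]

if __name__ == "__main__":
    for ctx, entries in by_session(SAMPLE).items():
        print(ctx, entries[0]["origin"], [(e["app"], e["severity"]) for e in entries])
```

Sorting on the bracketed timestamp rather than arrival order matters because the logging system buffers messages before they reach syslog.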
