Showing results for 
Show  only  | Search instead for 
Did you mean: 

Rule Tracing Across a Cluster?

Does anyone know if there are any plans for having cluster-wide rule tracing feature so you don't have to know the particular cluster member a user is on?

6 Replies
Level 10
Report Inappropriate Content
Message 2 of 7

Re: Rule Tracing Across a Cluster?


There is no way but you can do it in the following way.

In the rule where you enable rule trace you can add the event Email.Send.

Using this you can send you an Email with the Hostname of the Proxy where the client is active.....

[✔] Enabled rule trace
1: Client.IP equals
ContinueEmail.Send("","Rule trace enable",String.Concat("Rule trace active for ",String.Concat(IP.ToString(Client.IP),String.Concat(" on Proxy ",String.Concat(System.HostName,String.Concat(" - ",IP.ToString(Proxy.IP)))))))<Default>

Since the default Email Setting prevents sending dulicate mails for 60 minutes you will only receive one email when rule trace is used for the first time.


McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 7

Re: Rule Tracing Across a Cluster?

This is usually not required to trace whole cluster as any client will be sticky to one node within an active time period. Alternative you might enter Member Node IP instead of Virtual IP for testing.


Best Regards,

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Former Member
Not applicable
Report Inappropriate Content
Message 4 of 7

Re: Rule Tracing Across a Cluster?

Hi Matt,

Not yet for rule tracing across the cluster from rule tracing central (Troubleshooting > Rule tracing central). But it is possible to enable rule tracing in the rules across all cluster members to trace for a single user. The easy way to do this is to update a rule to include the client IP, then analyze the rule traces.

Easy way:

However sometimes organizations dont allow changes to be done to the rules (no matter how simple they are).

<sorry if this goes off topic or into the weeds>

Cool way:

I do this with PDstorage by setting up a helpdesk page. The helpdesk page has a list of features which are on or off by default.

The user can "toggle" the feature by clicking a link on the helpdesk page. Examples of this might be enable rule tracing, disable URL Filtering, or enable Quarantine when a virus is found for example. Each of these "toggle's" are tied to the IP which requested the feature be toggled.

In the case of rule tracing, they'd go to the helpdesk page, enable tracing, reproduce the problem, disable tracing, then you as an admin can find the traces in the rule tracing files for analysis.

The example I have puts the control into the user's hands which works for me, but would probably need to be tailored a bit to your requirements.

If there is interest in this I can cleanup my rules for a general audience.

Best Regards,


Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 7

Re: Rule Tracing Across a Cluster?

WOW, ​,

this is a really cool Block Page. Is this page public?? 🙂

​, another option is to enable Rule tracing in the Ruleset for a specific IP, Domain, URL and so on. Afterwards you can load this traces in the Rule Tracing central. There is an option to load the trace file from the local system. So, it is not a "one-click" feature, but you can do a trace even you do not know which proxy is used by the user and when the problem occurs.

Hope this helps,


Re: Rule Tracing Across a Cluster?

Thanks as always Jon!

Yes, I would love to see that helpdesk page code.



Former Member
Not applicable
Report Inappropriate Content
Message 7 of 7

Re: Rule Tracing Across a Cluster?

Attached is the ruleset and an unscripted video I recorded just to show how to import the blockpages and the ruleset. The outcome of this ruleset is that you will have something that allows the user to enable rule tracing on their own by visiting ""; they then click a button to enable it. You can then add more toggles by making changes described below.

You must import the blockpages, then the ruleset second.

I would advise putting this on a test system to see how it works for you.

If you want to create your own toggle, you can rinse and repeat with the "Toggle Rule Tracing" ruleset. You just need to change the rule for "Set feature name, TTL".

and secondly, create your own boolean user-defined property:

Please let me know if you have any questions.

Best Regards,


You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community