cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Adi2
Level 7
Report Inappropriate Content
Message 1 of 6

Rule tracing central issue. Doesn't s show results while real time rule tracing.

Hi guys, 

I have an issue with rule tracing in web gateway cluster environment.

I can't see the analysis results of rule tracing in tracing pane while tracing connections from client IP, it just remains empty.

However I see the rule tracing files created  from each client request to web  gateway , and I can just click on analyze button  and the result appears in tracing pane, but not while real time rule tracing.

The issue is not permanent and appears on and off while tracing requests from different client ip's from different segments in organization network . 

Most often this issue happens, when traffic pass through second member in cluster.

Please help to solve it. I attached some screenshots from real time rule tracing.

Thank you 

5 Replies
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Rule tracing central issue. Doesn't s show results while real time rule tracing.

Next to the field where you enter the Client IP address you need to select the appliance from the dropdown menu which is receiving the traffic. Is the right box selected here?

 

Adi2
Level 7
Report Inappropriate Content
Message 3 of 6

Re: Rule tracing central issue. Doesn't s show results while real time rule tracing.

You mean the cluster member, that client IP is sending request to ? (attached screenshot).

Yes, I chose the right one. When I'm sending request to the VIP , I see which cluster member starts creating the rule tracing files. the problem is , that the content of those files are not displaying on trace pane .

 

 

AaronT
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 6

Re: Rule tracing central issue. Doesn't s show results while real time rule tracing.

Is your cluster load-balanced?  We have that, an have to explicitly define the proxy on the client to ensure the traffic goes to just one proxy.  Once we do that, we have very few issues doing rule traces on specific IPs at specific proxies.  If it's load-balanced, and you don't specify, all bets are off on which proxy will get the traffic

Adi2
Level 7
Report Inappropriate Content
Message 5 of 6

Re: Rule tracing central issue. Doesn't s show results while real time rule tracing.

Hi Aaron,

It is load-balanced. We are working with MCP client, which redirects the traffic to proxy VIP, than  the traffic load balance between cluster nodes.

Thank you 

asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Rule tracing central issue. Doesn't s show results while real time rule tracing.

I am not aware of any reason why the rule trace central should not show the traces, if the IP address is matching and the tracing is started on the correct machine.

It might make sense to file a request with support, add one of the rule traces that does not show up in the UI (but ends up in the logs/debug/ruleengine_traces folder, in case I understood correctly). and a feedback, so we can take a look and check if there is anything obvious.

At the moment I have no further idea. Is the load balancing done by MWG of by a load balancer? In that case it might be required to type in the IP address of the load balancer, it depends a bit on what IP address MWG sees as the source IP (a rule trace given to support could shed some light).

Best,
Andre

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community