6 Replies Latest reply on Nov 22, 2016 11:35 PM by Jon Scholten

    Rule Tracing Across a Cluster?

    matthew.stokes

      Does anyone know if there are any plans for having cluster-wide rule tracing feature so you don't have to know the particular cluster member a user is on?

        • 1. Re: Rule Tracing Across a Cluster?
          feickholt

          :-)

          There is no way but you can do it in the following way.

          In the rule where you enable rule trace you can add the event Email.Send.

          Using this you can send yourself an email with the hostname of the proxy where the client is active.

           

          Enabled | Rule | Action | Events | Comments
          [✔] | Enabled rule trace
                1: Client.IP equals 10.1.1.1 | Continue | Email.Send("yourmail@mail.com","Rule trace enable",String.Concat("Rule trace active for ",String.Concat(IP.ToString(Client.IP),String.Concat(" on Proxy ",String.Concat(System.HostName,String.Concat(" - ",IP.ToString(Proxy.IP)))))))<Default> |

          Since the default Email Setting prevents sending duplicate mails for 60 minutes, you will only receive one email when rule trace is used for the first time.

           

           

          Frank

          • 2. Re: Rule Tracing Across a Cluster?
            smasnizk

            It is usually not required to trace the whole cluster, as any client will be sticky to one node within an active time period. Alternatively, you might enter the member node IP instead of the virtual IP for testing.

             

            -Sergej

            • 3. Re: Rule Tracing Across a Cluster?
              Jon Scholten

              Hi Matt,

               

              Not yet for rule tracing across the cluster from rule tracing central (Troubleshooting > Rule tracing central). But it is possible to enable rule tracing in the rules across all cluster members to trace for a single user. The easy way to do this is to update a rule to include the client IP, then analyze the rule traces.

               

              Easy way:

               

               

              However, sometimes organizations don't allow changes to be done to the rules (no matter how simple they are).

               

              <sorry if this goes off topic or into the weeds>

               

              Cool way:

              I do this with PDstorage by setting up a helpdesk page. The helpdesk page has a list of features which are on or off by default.

               

              The user can "toggle" the feature by clicking a link on the helpdesk page. Examples of this might be enable rule tracing, disable URL Filtering, or enable Quarantine when a virus is found. Each of these "toggles" is tied to the IP which requested the feature be toggled.

               

               

              In the case of rule tracing, they'd go to the helpdesk page, enable tracing, reproduce the problem, disable tracing, then you as an admin can find the traces in the rule tracing files for analysis.

               

               

              The example I have puts the control into the user's hands which works for me, but would probably need to be tailored a bit to your requirements.

               

              If there is interest in this I can clean up my rules for a general audience.

               

              Best Regards,

              Jon

              1 of 1 people found this helpful
              • 4. Re: Rule Tracing Across a Cluster?
                Troja

                WOW, jscholte,

                this is a really cool Block Page. Is this page public?? :-)

                 

                matthew.stokes, another option is to enable rule tracing in the ruleset for a specific IP, domain, URL and so on. Afterwards you can load these traces in Rule Tracing central. There is an option to load the trace file from the local system. So, it is not a "one-click" feature, but you can do a trace even if you do not know which proxy is used by the user and when the problem occurs.

                 

                Hope this helps,

                Cheers

                • 5. Re: Rule Tracing Across a Cluster?
                  matthew.stokes

                  Thanks as always Jon!

                   

                  Yes, I would love to see that helpdesk page code.

                   

                  Thanks

                  MattS...

                  • 6. Re: Rule Tracing Across a Cluster?
                    Jon Scholten

                    Attached is the ruleset and an unscripted video I recorded just to show how to import the blockpages and the ruleset. The outcome of this ruleset is that you will have something that allows the user to enable rule tracing on their own by visiting "toggle.mwginternal.com"; they then click a button to enable it. You can then add more toggles by making changes described below.

                     

                    You must import the blockpages, then the ruleset second.

                     

                    I would advise putting this on a test system to see how it works for you.

                     

                    If you want to create your own toggle, you can rinse and repeat with the "Toggle Rule Tracing" ruleset. You just need to change the rule for "Set feature name, TTL".

                     

                     

                    And secondly, create your own boolean user-defined property:

                     

                    Please let me know if you have any questions.

                     

                    Best Regards,

                    Jon

                    1 of 1 people found this helpful