Enable and capture the SSL proxy debug logs on EdgeSWG (ProxySG)
search cancel

Enable and capture the SSL proxy debug logs on EdgeSWG (ProxySG)

book

Article ID: 166084

calendar_today

Updated On:

Products

ProxySG Software - SGOS Advanced Secure Gateway Software - ASG

Issue/Introduction

An SSLDebug Log has been requested by Broadcom support team.

Resolution

Follow these steps when instructed to do so by Proxy Technical Support.

How to Get a SSL Proxy Debug Log

  1. Navigate to the advanced HTTP console url: https://<proxy-ip>:8082/sslproxy/setdebugmask .
    Here you will need to specify the debug masks. In most cases you will need to select all of the options.

  2. Afterwards Navigate to the actual debug output page at https://<proxy-ip>:8082/sslproxy/Debug, or simply follow the Display SSL Proxy Debug Info link from the SetDebugMask console page.

  3. Starting with SGOS 7.x SSL proxy debug can be filtered with a single client IP or server IP or both at the same time. This option will show up under Set Debug Filter - under SGOS 7.x and higher versions.

  4. Clear the debug log and reproduce the issue related to the https url, once reproduced, quickly refresh the /sslproxy/Debug console URL (as it may get overwritten by logs for other urls). This will display the ssl proxy debug log that can be saved and shared with Broadcom support team for review.

Example Output:. 

6015.082 --- End Log [01/Oct/2009:23:14:19 +0800] ---
5928.033 --- End Log [01/Oct/2009:23:12:52 +0800] ---
4106.360 SSLW 96C52990 (2987C44): shutdown: SSL Worker previous state 3, error code 6, line 565
4106.360 SSLW 96C52990 (2987C44): Connect_to_server failed, reason=TE_CONNECT_ERROR_SOCKET_FAILURE
4101.360 SSLW 96C11990 (2987BD8): shutdown: SSL Worker previous state 3, error code 6, line 565
4101.360 SSLW 96C11990 (2987BD8): Connect_to_server failed, reason=TE_CONNECT_ERROR_SOCKET_FAILURE
4031.393 SSLW 96C52990 (2987C44): SSL Intercept URL: "ssl://10.105.13.19:443/"
4026.391 SSLW 96C11990 (2987BD8): SSL Intercept URL: "ssl://10.105.13.19:443/"
2267.826 SSLW 96C07990 (2987D88): shutdown: SSL Worker previous state 3, error code 6, line 565
2267.826 SSLW 96C07990 (2987D88): Connect_to_server failed, reason=TE_CONNECT_ERROR_LOOP_CONNECTION
2267.824 SSLW 96C07990 (2987D88): SSL Intercept URL: "ssl://10.105.13.18:443/"
2267.819 SSLW 96C07990 (2987D88): shutdown: SSL Worker previous state 3, error code 6, line 565
2267.819 SSLW 96C07990 (2987D88): Connect_to_server failed, reason=TE_CONNECT_ERROR_LOOP_CONNECTION
2267.818 SSLW 96C07990 (2987D88): Allocating external session cache for ctx 40C75220
2267.815 SSLW 96C07990 (2987D88): SSL Intercept URL: "ssl://10.105.13.18:443/"
0019.571 SSL-map Proprietor (297F4D8): Index for ctx extra data is 1

Additional Information

NOTE: The events of these debug logs are ordered in time, from bottom to upwards.