Category logging is inconsistent when 'x-rs-certificate-hostname-categories' and 'cs-categories' format fields are present in log format

book

Article ID: 168545

calendar_today

Updated On:

Products

Asset Management Solution ProxySG Software - SGOS

Issue/Introduction

When only the cs-categories field is present, a248.e.akamai.net  is logged as "Content Servers":

#Software: SGOS 6.5.5.7
#Version: 1.0
#Start-Date: 2014-04-14 06:08:46
#Date: 2014-04-14 03:33:10
#Fields: date time cs-method cs-uri-scheme cs-host cs-uri-stem x-rs-certificate-hostname cs-categories
#Remark: 4512160005 "SG300" "10.10.10.10" "ssl"
2014-04-14 06:08:44 unknown ssl a248.e.akamai.net ssl://a248.e.akamai.net:443/ *.akamaihd.net "Content Servers"


When the x-rs-certificate-hostname-categories field is added to the SSL access log format, it is logged as "Content Servers":

#Software: SGOS 6.5.5.7
#Version: 1.0
#Start-Date: 2014-04-14 06:10:17
#Date: 2014-04-14 03:33:10
#Fields: date time cs-method cs-uri-scheme cs-host cs-uri-stem x-rs-certificate-hostname cs-categories x-rs-certificate-hostname-categories
#Remark: 4512160005 "SG300" "10.10.10.10" "ssl"
2014-04-14 06:10:15 unknown ssl a248.e.akamai.net ssl://a248.e.akamai.net:443/ *.akamaihd.net "Content Servers" "Content Servers"


If cs-categories is removed from the SSL access log format, x-rs-certificate-hostname-categories is logged as "TV/Video Streams;Content Servers":

#Software: SGOS 6.5.5.7
#Version: 1.0
#Start-Date: 2014-04-14 06:12:15
#Date: 2014-04-14 03:33:10
#Fields: date time cs-method cs-uri-scheme cs-host cs-uri-stem x-rs-certificate-hostname x-rs-certificate-hostname-categories
#Remark: 4512160005 "SG300" "10.10.10.10" "ssl"
2014-04-14 06:12:12 unknown ssl a248.e.akamai.net ssl://a248.e.akamai.net:443/ *.akamaihd.net "TV/Video Streams;Content Servers"

Resolution

This issue is resolved in SGOS 6.5.7.1. Categories are now logged correctly when both 'x-rs-certificate-hostname-categories' and 'cs-categories' format fields are added to the log format.

Workaround

Modify the access log format so that only one of the two fields is requested.