The SOCKS accesslog's s-action contains many FAILED log.
search cancel

The SOCKS accesslog's s-action contains many FAILED log.


Article ID: 213779


Updated On:


ProxySG Software - SGOS Advanced Secure Gateway Software - ASG


ProxySG is intercepting SOCKS protocol and SOCKS traffic is no problem.
But the SOCKS's accesslog is indicating many FAILED log in s-action fields per 5 seconds.

  • Intercepting SOCKS protocol by ProxySG
  • Modify and enabling gather accesslog for the SOCKS traffic
  • Running health check to ProxySG's SOCKS port from load balancer (The c-ip's IP address)

The load balancer's health check of tcp 3 way hand shake is no problem.
Why ProxySG treat as FAILED the load balancer's health check traffic?


Release : SGOS6.7.x.x

Component : accesslog


ProxySG not classify normal SOCKS traffic and health check traffic.
The health check traffic is finished when the tcp 3 way hand shake successfully finish but ProxySG wait next SOCKS traffic so ProxySG thought that traffic unexpectedly finish.


ProxySG is able to disable to write specific traffic for accesslog by policy in web access layer.

===========VPM CPL==================================
define condition __PROTO_1
end condition __PROTO_1

;; Tab: [Web Access Layer (1)]
client.address=XXX.XXX.XXX.XXX/32 condition=__PROTO_1 access_log(no) ; Rule 1
===========VPM CPL==================================
The XXX.XXX.XXX.XXX is load balancer IP address.