UDP connection logging

Article ID: 274463

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

We have started using the UDP-based MS Teams service in our proof-of-concept environment, where we noticed that the ProxySG does not log details of the active UDP connections; it only logs a DENIED message 1-2 minutes after the connection stops.

For the testing we use Teams calls, and we capture traffic to confirm that the packets are correctly handled by the proxy; still, we couldn't find whether any logs were generated.

The MS Teams service is in Intercept mode, and we have an access layer with a UDP-tunnel guard allowing traffic to all MS Teams destinations.

Environment

Release : SG/ASG/ISG-Proxy

Resolution

The fields below are the only UDP-specific data available as part of access logging.

| Field | SGOS versions | Description |
|---|---|---|
| c-pkts-lost-client | 7.1.x, 6.7.x, 6.6.x, 6.5.x | Number of packets lost during transmission from server to client and not recovered at the client layer via error correction or at the network layer via UDP resends. |
| c-pkts-recovered-resent | 7.1.x, 6.7.x, 6.6.x, 6.5.x | Number of packets recovered because they were resent via UDP. |
| transport | 7.1.x, 6.7.x, 6.6.x, 6.5.x | Transport protocol used (UDP, TCP, multicast, etc.). |

 

Ref. doc.: Edge SWG (ProxySG) Access Log Fields

To have the appliance log these values, the ELFs above must be added to the log format used in access logging.

The detail asked for in the request is therefore not part of access logging, by design.
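Once the three fields listed above are part of the log format, they can be pulled out of the resulting access log and totalled per transport. The following is an added example, not Broadcom code: it assumes an ELFF-type log that starts with a `#Fields:` directive, and the sample log (hosts, addresses, counts, user agent) is constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample: an ELFF access log whose format includes the three
# UDP-related fields from the table. All values are invented.
SAMPLE_LOG = """\
#Software: SGOS (constructed sample)
#Fields: date time c-ip cs-host cs(User-Agent) transport c-pkts-lost-client c-pkts-recovered-resent
2024-05-01 10:00:01 10.0.0.5 media.example.test "Example Client/1.0" UDP 12 30
2024-05-01 10:00:07 10.0.0.6 media.example.test "Example Client/1.0" UDP 0 4
2024-05-01 10:00:09 10.0.0.5 www.example.test - TCP - -
2024-05-01 10:00:12 10.0.0.7 media.example.test "Example Client/1.0" UDP 3 -
2024-05-01 10:00:15 10.0.0.8 media.example.test
"""

COUNTERS = ("c-pkts-lost-client", "c-pkts-recovered-resent")

def parse_elff(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = shlex.split(line)        # keeps quoted values together
            if len(values) == len(fields):    # skip truncated records
                yield dict(zip(fields, values))

def to_int(value):
    """ELFF writes '-' for an empty field; count that as zero."""
    return int(value) if value.isdigit() else 0

def summarize_by_transport(text):
    """Return {transport: {'records': n, <counter>: total, ...}}."""
    summary = defaultdict(lambda: {"records": 0, **{c: 0 for c in COUNTERS}})
    for rec in parse_elff(text):
        row = summary[rec.get("transport", "-").upper()]
        row["records"] += 1
        for counter in COUNTERS:
            row[counter] += to_int(rec.get(counter, "-"))
    return dict(summary)

if __name__ == "__main__":
    for transport, row in summarize_by_transport(SAMPLE_LOG).items():
        print(transport, row)
```

If the log format does not include one of the fields, its total stays at zero, so a zero across all records is a prompt to check the format definition rather than evidence of no loss.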

Although the UDP-Tunnel Proxy referenced in the case description was introduced in SGOS 7.3.2.x, no new UDP enhancement linked with access logging was developed beyond the fields shared in the last update. Please refer to page 117 of the attached release notes. The data shared in the last update therefore remains relevant even for SGOS 7.3.15.2. We will work to update the KB article internally.

That said, the customer can obtain statistics about UDP traffic in several areas of the management console:

  • Active Sessions
  • Advanced URLs:
    • Show UDP proxy debug log - Displays information such as internal settings and error messages
    • Show UDP proxy statistics - Displays basic statistics about memory, flow, and transferred bytes
  • SysInfo

In addition, the ProxySG Admin Console shows UDP Tunnel service information in Reports > Traffic Details.