Logging VPN client traffic to IAG

Applies To: Intelligent Application Gateway (IAG)

You can log VPN client traffic to Whale Communications Intelligent Application Gateway (IAG) 2007 as follows:

  • With Service Pack 2 installed, IAG automatically logs the IP addresses allocated to remote VPN clients connecting to the IAG Network Connector application. The logged information includes the user name and domain (in the format DOMAIN\username) and the IP address allocated to the remote client from the VPN clients' IP address pool.

  • You can enable and configure detailed logging of Network Connector traffic. Enable Network Connector logging only when troubleshooting, because it creates large dump files that accumulate over time. These files are not deleted automatically and may considerably reduce server performance. Note that dump files can be written, read, and deleted while there are active sessions to the Network Connector application.

Enabling Network Connector logging

Enable and configure Network Connector logging as follows:

To enable logging of network traffic on the Network Connector server

  1. On the computer where the network connector server is installed, access the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\RemoteAccess

  2. Create the following new registry key: NetworkConnector.

  3. Under the key you created in step 2, create a DWORD value named log\sniff. Do one of the following:

    • To enable logging of low-level network traffic to and from remote clients, set the DWORD value to 1.

    • To enable logging of tunneled network traffic to and from remote clients, set the value to 2.

    • To enable logging of both low-level and tunneled network traffic to and from remote clients, set the value to 3.

  4. When you finish troubleshooting, to disable logging, set the log\sniff value to 0.

Notes

  • The dump files are written in TCPDUMP format.

  • The low-level and tunneled traffic dumps consist of similar information but are not necessarily the same, because not all low-level traffic is tunneled and vice versa.

  • The log\sniff registry value is polled by the server executable while running, and it may be updated while the network connector is in session.

  • The dump files are created in the same location where the log files are created, with the following file names:

    • Low-level network traffic: <log_file_name>.lowlevel.dmp

    • Tunneled network traffic: <log_file_name>.tunneldmp
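Because the dump files are in TCPDUMP format and can be read while sessions are still active, a reader may meet a final record that the server has only partly written. The following sketch is an added example, not part of the IAG documentation: it walks a dump, totals the packets and captured bytes, and flags a cut-off final record instead of failing. The function names are hypothetical and the sample bytes are constructed for illustration.

```python
import io
import struct

# First 4 bytes of a classic pcap file -> (struct byte order, sub-second divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e6),  # little-endian writer, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1e6),  # big-endian writer, microseconds
}

def summarize_dump(stream):
    """Walk a TCPDUMP-format capture and return packet/byte/time statistics."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a TCPDUMP-format capture")
    order, divisor = MAGICS[header[:4]]
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", header[4:])
    stats = {"linktype": linktype, "snaplen": snaplen, "packets": 0,
             "captured_bytes": 0, "first_ts": None, "last_ts": None,
             "truncated": False}
    while True:
        rec = stream.read(16)  # per-packet header: sec, subsec, incl_len, orig_len
        if not rec:
            break  # clean end of file
        if len(rec) < 16:
            stats["truncated"] = True  # writer was mid-record when we read
            break
        sec, sub, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            stats["truncated"] = True  # packet body not fully written yet
            break
        ts = sec + sub / divisor
        if stats["first_ts"] is None:
            stats["first_ts"] = ts
        stats["last_ts"] = ts
        stats["packets"] += 1
        stats["captured_bytes"] += incl_len
    return stats

def constructed_sample():
    """Constructed input: two dummy frames, then a record cut off mid-write."""
    def record(sec, payload):
        return struct.pack("<IIII", sec, 0, len(payload), len(payload)) + payload
    file_header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    partial = record(1006, b"\x00" * 80)[:30]
    return file_header + record(1000, b"\x00" * 60) + record(1005, b"\x00" * 42) + partial

if __name__ == "__main__":
    print(summarize_dump(io.BytesIO(constructed_sample())))
```

To summarize a real dump, pass a file object opened in binary mode to summarize_dump in place of the constructed sample.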

Configuring Network Connector logging

Log traffic from remote VPN clients connecting to IAG Network Connector as follows:

To log remote VPN clients connecting with Network Connector

  1. In the Configuration program, on the Admin menu, click Network Connector Server.

  2. In Network Connector Server, select the Advanced tab.

  3. In Log Level, specify the level of log detail required for Network Connector traffic. You can specify a level between 1 and 5, where 5 is the most detailed. It is recommended that you log Network Connector traffic when troubleshooting and then set the value to 0 to disable logging when troubleshooting is complete.

  4. In Log Path, specify one of the following locations:

    • To create the log file in the folder where the server executable resides, select Server Executable Path. Usually this is the following location:

      \Whale-Com\e-Gap\common\big\whlios.log

    • To specify a custom location, select Alternative Path, and then type the folder path.

Note

Log files can be written, read, and deleted when there are active sessions to the Network Connector application.