This section explains the steps to enable, configure and analyse the virtual service application logs.
Virtual services and pools log client-to-application interactions for TCP connections and HTTP requests/responses. These logs can be indexed, viewed, and filtered locally within the NSX Advanced Load Balancer. It is helpful in troubleshooting and surfacing insights on end-user experience and success of the application.
See the Analytics tab of the Create Virtual Service pop-up window for configuring, enabling, filtering, and/or disabling client logs.
NSX Advanced Load Balancer automatically logs common network and application errors under the umbrella of significant logs. These significant logs can also include entries for lesser issues, such as transactions that completed successfully but took a considerably longer time.
These logs include:
HTTP errors, such as server or NSX Advanced Load Balancer-originated 4xx and 5xx errors Network errors, such as aborted connections, abnormal latency, or out of order packets.
See Log Events for a list of error events that trigger a significant log.
You can omit the errors from the logs list by editing the analytics profile used by the virtual service.
Full Client Logs
In addition to significant logs, you can configure a virtual service to log all client connections or HTTP requests. The Full Client Logs option includes any significant logs, custom full log filters, and logs generated by custom policies or DataScripts.
By default, a new virtual service is configured to provide full client logs for the first 30 minutes, then drops down to a reduced logging level by capturing significant logs only.
From the Analytics tab, Full Client Logs can be enabled for the virtual service, either temporarily or permanently.
You can also specify full client log filters for IP addresses or URIs that are recommended when capturing essential information from busy production systems. An additional logging level is provided by enabling the All Headers option in a client log filter. This option will capture all headers from the client and server within the logs. This will significantly impact the log size, as some applications send as much as 30k within a single header.
The All Headers option is beneficial for quick troubleshooting to see what each side of the connection is sending and receiving. The NSX Advanced Load Balancer pulls logs from the SEs and indexes them on the Controllers only when an administrator attempts to view full client logs for the virtual service or pool. This takes anywhere from a few seconds to hours to process. Logs will be viewable while the indexing process is performed in the background. This time depends on network latency from the SEs to the Controllers, the volume of logs, and the hardware used by the Controller for performing the resource-intensive task of indexing the data.
Rotation Out of Unrequested Logs
Capturing all logs can consume significant resources. Hence, unrequested logs are rotated out of the SE’s storage from time to time. The allocation for raw log storage on an SE is variable, but a minimally configured SE with two vCPUs, 2 GB memory, and 10 GB storage can store about 8 million logs. Adding more resources (CPU, memory, and especially disk space) to the Controllers and SEs will extend the volume of logs per second and the duration to store the logs.
Logging During Heavy Load
In a very busy system with high volumes of requests per second, NSX Advanced Load Balancer might temporarily degrade to capturing only a sampling of requests. If the system is set up with redundant Controllers, the task of indexing logs for multiple virtual services is automatically shared across the Controllers to better utilize resources.
Client User IDs
User IDs for a virtual service are incorporated into UI displays when an auth profile is attached to the virtual service. To achieve this:
Enable Basic HTTP Authentication in the virtual service config ().
Configure and attach an auth profile to the virtual service.
For further information, see: