Appendix B: Testing and Troubleshooting
If you are experiencing problems with your policy files or would like to monitor evaluation for brief
periods of time, consider using the policy tracing capabilities of the policy language.
Trac ing allows you to examine how the ProxySG policy is applied to a particular request. To configure
tracing in a policy file, you use several policy language properties to enable tracing, set the verbosity
level, and specify the path for output. Using appropriate conditions to guard the tracing rules, you can
be specific about the requests for which you gather tracing information.
Note: Use policy tracing for troubleshooting only. Tracing is best used temporarily for
troubleshooting, while the
log_message( ) action is best for on-going monitoring. For more
information about the
log_message( ) action, see "log_message( )" on page 232. If tracing is
enabled in a production setting, ProxySG performance degrades. After you complete
troubleshooting, be sure to remove policy tracing.
CPL provides the following trace-related properties:
•
trace.rules( )—Controls the tracing of rule evaluation. Trace can show which rules missed,
which matched, and which were not applicable (N/A), meaning the rule cannot be evaluated for
this transaction and is being skipped. N/A occurs, for example, when you try to apply a streaming
trigger to an FTP transaction.
•
trace.request( )—Enables tracing and includes a description of the transaction being
processed in the trace. No trace output is generated if this is set to no.
•
trace.destination( )—Directs the trace output to a user-named trace log.
Enabling Rule Tracing
Use the trace.rules( ) property to enable or disable rule tracing. Rule tracing shows you which
rules are executed during policy evaluation. This property uses the following syntax:
trace.rules(yes|no|all)
where
•
yes enables rule tracing but shows matching rules only.
•
no disables rule tracing.
•
all enables tracing, with added detail about conditions that failed to match.
Example
The following enables tracing:
<proxy>
trace.rules(yes) tracewhere:request(yes)