KB Article | Forcepoint Support
Support
  1. Home
  2. Knowledgebase

Enabling Content Gateway debugging and locating relevant log files

  • Article Number: 000006644
  • Products: Forcepoint V10000 Appliance, Forcepoint V20000 Appliance, Forcepoint V5000 Appliance, Forcepoint Virtual Appliance, Forcepoint Web Security, TRITON AP-WEB, Web Security Gateway, Web Security Gateway Anywhere
  • Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7
  • Last Published Date: November 21, 2018

Problem Description

Applications are failing when proxying through the Content Gateway. What troubleshooting logs are available to help diagnose this issue?
 

Resolution

Three types of logs are available when troubleshooting the Websense Content Gateway.
  • Event logs - Provides a view of TCP packet exchange.
  • Analytics and process logs - Provides a view of the packet analysis and inspection processes. These processes can include authentication, virus detection, caching, content stripping, and Real Time Content Analysis. Use debug tags to identify specific processes.

Note The file paths shown below are provided for Content Gateway software installations. For V-Series appliances users, direct file access is only available with assistance from Forcepoint Technical Support.
 
Note The messages log is always a good place to start looking. In the Content Gateway management console, click Configure > My Proxy > Logs > System tab > Log File > messages file. For Content Gateway software installations, navigate to /var/log/messages.

Enable event logging

  1. Log into the Content Gateway management console.
  2. Start logging.
    1. Click Configure > Subsystems > Logging > General tab.
    2. Enable full logging by selecting the checkbox for Log Transactions and Errors and apply changes.
  3. Recreate the issue.
  4. View logging data.
Click Configure > My Proxy > Logs > Access tab > Log File > extended.log and error.log.
  • /opt/WCG/logs/extended.log
  • /opt/WCG/logs/error.log
  1. Stop logging.
    • Click Configure > Subsystems > Logging > General tab.
    • Set logging to Log Errors Only and apply changes.

   
Enabling analytics and process logging:

Enabling Content Gateway debugging for Software Content Gateway

Software Content Gateway or Appliances with Root Access have the ability to output debug information to /opt/WCG/logs/content_gateway.out. To start debugging, run the following command:

/opt/WCG/bin/debugtag "<debugStrings>"

Separate each debug string with a pipe. For example:

/opt/WCG/bin/debugtag "http.*|ssl.*|wtg.*"
 
or for a single tag:

/opt/WCG/bin/debugtag wtg.*

Press CTRL+C to disable debugging.
 

For Content Gateway installed on a V-Series appliance without Root Access:

For versions 8.3-8.5 and higher:

  1. SSH to the appliance C interface IP.
  2. Log in as admin.
  3. Type config
  4. Enter the admin password again.
  5. Enable debug logging. Type set proxy content_line --type set --entry proxy.config.diags.debug.enabled --value 1
  6. Enable one or more debug tags. Type set proxy content_line --type set --entry proxy.config.diags.debug.tags --value http_hdrs.*|ntlm.*
  • In this example, the http_hdrs.*|ntlm.*  tags log headers and NTLM authentication activity.
  • Additional debugging tags are available.
  1. Reproduce the issue and review debugging data. In the Content Gateway console, click Configure > My Proxy > Logs > System tab > Log File > content_gateway.out.
  2. Disable debug logging. Type set proxy content_line --type set --entry proxy.config.diags.debug.enabled --value 0
Note With 8.3-8.5 or higher using CLI, the reload configuration option (content-line -x) was removed as the file will read immediately.
 
For versions 7.7-8.2
  1. Open Appliance Manager.
  2. Navigate to Administration > Toolbox.
  3. Click Launch Utility under Command Line Utility
  4. Enable debug logging
  • Module: Websense Content Gateway
  • Command: content-line -s
  • Variable Name: proxy.config.diags.debug.enabled
  • Value: 1
  • Run
  1. Enable one or more debug tags.
  • Module: Websense Content Gateway
  • Command: content-line -s
  • Variable Name: proxy.config.diags.debug.tags
  • Value: http_hdrs.*
  • Run
  1. Reload the configuration to apply changes.
  • Module: Websense Content Gateway
  • Command: content-line -x
  • Run
  1. Reproduce the issue and review debugging data.
In the Content Gateway console, click Configure > My Proxy > Logs > System tab > Log File > content_gateway.out.
  1. Disable debug logging.
  • Module: Websense Content Gateway
  • Command: content-line -s
  • Variable Name: proxy.config.diags.debug.enabled
  • Value: 0
  • Run
  1. Reload configuration to apply changes and stop debugging.
  • Module: Websense Content Gateway
  • Command: content-line -x
  • Run

Common debug tags:

  • DNS Proxy
    • hostdb.*
  • HTTP Proxy
    • http_hdrs.*
  • FTP Proxy
    • ftp.*
  • Analytics (RTCC, RTSS, AR, AD, AV)
    • wtg_txn.*
  • General tag to log real-time authentication
    • win.*  (this tag enable IWA logging)
    • ldap.*
    • ntlm.*
Important proxy and SSL Logs
  • /var/log/messages
    • The operating system log is always a good place to start looking.
  • /opt/WCG/logs/content_gateway.out
    • Contains debug tag logging data.
  • /opt/WCG/logs/extended.log
    • Primary log for displaying proxy access events.
  • /opt/WCG/logs/error.log
    • Primary log for displaying proxy access errors.

Log locations within the Content Gateway management console

  • Configure > My Proxy > Logs > System tab > Log File
    • messages and content_gateway.out
  • Configure > My Proxy > Logs > Access tab > Log File
    • error.log, extended.log

Article Feedback



Thank you for the feedback and comments.

Want 24/7 Tech Support?

Learn more