To record trace logs:
1. Enable tracing for the profile. You can use the show command to verify the configured setting.
set appfw profile <profile> -trace ON
2. Start collecting trace. You can continue to use all the options which are applicable for the nstrace command.
start nstrace -mode APPFW
3. Stop collecting the trace
Location of the trace: The nstrace is stored in a time-stamped folder which is created in the /var/nstrace directory and can be viewed using wireshark. You can tail the /var/log/ns.log file to see the log messages providing details regarding the location of the new trace.
Advantages of trace logs:
– Isolate traffic for specific profile
– Collect data for specific requests
– Identify resets or aborts
- View decrypted SSL traffic: HTTPS traffic is captured in plain text to allow for easier troubleshooting.
– Provides comprehensive view: Allows you to look at the entire request at the packet level, check the payload, view logs to check what security check violation is being triggered and identify the match pattern in the payload. If the payload consists of any unexpected data, junk strings, or non-printable characters (null character, \r or \n etc), they are easy to discover in the trace.
– Expedite response time: Faster debugging on target traffic to do root cause analysis.