Blue Coat Systems Proxy SG Appendix B: Testing and Troubleshooting

Appendix B: Testing and Troubleshooting

If you are experiencing problems with your policy files or would like to monitor evaluation for brief

periods of time, consider using the policy tracing capabilities of the policy language.

Trac ing allows you to examine how the ProxySG policy is applied to a particular request. To configure

tracing in a policy file, you use several policy language properties to enable tracing, set the verbosity

level, and specify the path for output. Using appropriate conditions to guard the tracing rules, you can

be specific about the requests for which you gather tracing information.

Note: Use policy tracing for troubleshooting only. Tracing is best used temporarily for

troubleshooting, while the log_message( ) action is best for on-going monitoring. For more

information about the log_message( ) action, see "log_message( )" on page 232. If tracing is

enabled in a production setting, ProxySG performance degrades. After you complete

troubleshooting, be sure to remove policy tracing.

CPL provides the following trace-related properties:

•trace.rules( )—Controls the tracing of rule evaluation. Trace can show which rules missed,

which matched, and which were not applicable (N/A), meaning the rule cannot be evaluated for

this transaction and is being skipped. N/A occurs, for example, when you try to apply a streaming

trigger to an FTP transaction.

•trace.request( )—Enables tracing and includes a description of the transaction being

processed in the trace. No trace output is generated if this is set to no.

•trace.destination( )—Directs the trace output to a user-named trace log.

Use the trace.rules( ) property to enable or disable rule tracing. Rule tracing shows you which

rules are executed during policy evaluation. This property uses the following syntax:

trace.rules(yes|no|all)

where

•yes enables rule tracing but shows matching rules only.

•no disables rule tracing.

•all enables tracing, with added detail about conditions that failed to match.

Example

The following enables tracing:

<proxy>

trace.rules(yes) tracewhere:request(yes)