System | Logs | Show

  • Blog
  • System | Logs | Show

Knowledge Base

Site Reliability Experience

View Categories

System | Logs | Show

2 min read

Table of Contents

When you click the Show action, a new screen will appear:

relianoid load balancer v8 system logs show

In this view, you can choose the number of log entries to display, starting from the most recent and going backward. You can also filter the content using the filter icon on the right.

Logs Overview #

RELIANOID Load Balancer Enterprise Edition logs system, network, and application-level events into the system’s syslog facility. These logs are essential for troubleshooting, monitoring traffic behavior, and auditing security events.

All logs follow the RFC 5424 syslog format:

<timestamp> <hostname> <subsystem>: <message>

Where:

  • timestamp – ISO 8601 format with microseconds and timezone
  • hostname – Load balancer hostname
  • subsystem – Source component (e.g., kernel, pound, keepalived, zproxy)
  • message – Detailed event information, including connection, health check, or security details

Log Subsystems #

  • Kernel / Netfilter (kernel). Reports low-level network events such as: Firewall (WL for WhiteLists, BL for BlackLists) decisions, TCP packet state changes (SYN, ACK, RST), NAT and routing behavior. Example: 
    2025-03-26T11:34:09.257768+01:00 noid-ee-01 kernel: 
  [1279318.848199] [WL,exchange_smtprelay_servers,exch-25-relay]
  IN=eth2 OUT= MAC=aa:bb:cc:dd:14:ac:...
  SRC=10.10.72.11 DST=10.10.72.22 PROTO=TCP SPT=43112 DPT=25 RST

    Meaning: A packet from 10.10.72.11 to 10.10.72.22:25 triggered a white-list check.

  • Load Balancer Core / Proxy (pound, eproxy). Reports application traffic processing, including: Backend request routing, health check failures, connection timeouts or errors (e500, e502), Web Application Firewall (WAF) actions. Example:

    2025-03-26T11:34:09.383463+01:00 noid-ee-01 pound:
  exch-80, [WAF,service redirect443, backend (UNKNOWN):0,]
  ModSecurity: Access denied with code 302 ...

    Meaning: A WAF rule denied access to /autodiscover/autodiscover.xml and returned a 302 redirect.

  • Security Subsystem (IPDS / WAF). Integrated within the proxy logs or custom security modules. Reports: Intrusion Prevention System (IPS) matches, WAF events and rule triggers, Suspicious requests with client IPs and request URIs
  • Cluster & High Availability (keepalived / conntrackd / cluster). Logs: Virtual IP failovers, Node state transitions (MASTER / BACKUP) and Health check state changes.

Types of Logged Information #

  • Traffic Flow: Source and destination IPs, ports, interfaces, packet size, and TCP flags
  • Backend Status: Which service and backend handled the request, including errors or timeouts
  • Security Events: WAF decisions, IP reputation, intrusion detection alerts
  • System Events: Interface changes, clustering, or load balancer daemon events
SHARE ON:

Powered by BetterDocs