No information available in the logging will help you if you have issues with predefined Host Checks. The predefined stuff is all a big black box so when you have users that should pass but aren't, you only see in the logs that they didn't pass, not what specifically about the check is failing. As a result, each time I have users that run into issues, I have to open a case with Juniper and collect tons of logs and then a month or two later, ESAP usually catches up to the issue and addresses whatever was causing the issue. Problem with this is I never find out what caused the problem in the first place (knowing, for instance, that a particular check was looking for specific registry syntax would allow me to verify whether my problem user(s) have an extra comma or semicolon character at the end of their string and would allow me to solve the problem much faster than the system in place today). To add insult to injury, I've attended a couple of SSL VPN webinars for competing vendors recently and I've seen that some products do at least have a verbose logging 'mode' that will allow you to troubleshoot such things more efficiently... so it's possible to give us this functionality, just prolly not very high on the to-do list. The Juniper log files, otherwise, have actually seemed pretty good although the reporting against those logs could use work. My account management team tells me that there will be no additional log reporting functionality built into the IVE as it's been made available in another product, STRM, and I've also evaluated a pretty cool solution called SSL Clearview reporter from NWG Technologies (http://www.nwgtechnologies.com/products/product2.html) that is built just for Juniper SSL VPN reporting and comes with some really good drill-down canned reporting. Hope this helps.
... View more