Table of Contents
RSA Access Manager Server
RSA Access Manager Admin GUI
RSA Access Manager Agents
RSA Access Manager Web Agents
RSA Access Manager Application Agents
RSA Access Manager Runtime API
Located in the logs directory for each instance of RSA Access Manager. There could be more than on RSA Access Manager instance for redundancy. For Microsoft Windows, this is typical “C:\Program Files\RSA\Access Manager Servers 6.2\logs”. For Unix, this is typical “/app/ctrust/logs”. You should archive all the logs in this directory for analysis. If there are a large number or rotated logs archive only the most recent logs.
Alternately if no lserver is configured the log files are as follows
- lserver.log - (optional). If the server is configured for central logging there will be one file per instance, or one file per installation. The name of the file is lserver.log. Rotated log files will be named lserver1.log. This file contains all normal log events from all RSA Access Manager Processes.
- aserver.log – events for the Authorization Server (aserver)
- eserver.log – events for the Entitlements Server (eserver)
- dispatcher.log – events for the Dispatcher server (dispatcher) and the Keyserver (keyserver). (These run in the same process).
- isever.log – (optional) logs for instrumentation server (iserver).
Located in the conf directory for each instance of RSA Access Manager. There could be more than on RSA Access Manager instance for redundancy. For Microsoft Windows, this is typical “C:\Program Files\RSA\Access Manager Servers 6.2\conf”. For Unix, this is typical “/app/ctrust/conf”. If a review of the configuration is warranted, you should archive all the conf files in this directory for analysis.
- adaptive-auth-onpremise.conf – only used if Adaptive Authentication is configured (optional)
- aserver.conf – for all of the Authentication Servers on this machine. Typically, customers will have two aservers on each machine.
- ca_keystore.jks – Java JKS keystore used to store any trusted root certificates for LDAP binds.
- dcp.conf – for distributed credentials (optional)
- dispatcher.conf – for the dispatcher for this machine
- eserver.conf – for the entitlement’s server. There should only be one of these in use.
- iserver.conf – for the instrumentation server (optional)
- keyserver.conf for the keyserver on this machine
- ldap-adlds.conf – (copy only of default ldap.conf for adlds)
- ldap.conf – LDAP configuration file for the user and policy datastore. For SQL server this would be replaced by sql.conf file.
- license.xml – license file
- lserver.conf – for the log server. There should only be one of these. (optional)
- uus.conf – for the unique user session tracking feature (optional)
The administrative application is a Web Application that can be deployed on any application server as a WAR file. Most application servers are supported (Tomcat shown).
- http://axm-server.vcloud.local:8080/axm-admin-gui-6.2/Home.jsp - RSA Administrative Console (Admin GUI) home page.
- C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\axm-admin-gui-6.2\WEB-INF\web.xml – Notably this file contains a reference to the location of the Admin GUI configuration file in the webgui.config.directory parameter
- C:\Program Files\RSA\Access Manager Servers 6.2\webapp\admingui.cfg – Admin GUI configuration file default location (maybe different location as specified above.)
RSA Access Manager servers can be started in DEBUG mode by passing the -DDEBUG flag on the Java command line when starting the servers. This can be done by starting the servers manually from the command line.
C:\Program Files\RSA\Access Manager Servers 6.2\bin>aserver.bat debug
RSA Access Manager Authorization Server
Version 6.2 (Build ID: 20130125033301-0500-1355387)
See the following KB article for more information on DEBUG mode.
- C:\Program Files\RSA\Access Manager Servers 6.2\bin\aserver.bat – command line batch file to start aserver on windows
- /app/ctrust/bin/aserver.sh – command line batch file to start aserver on windows.
RSA Access Manager Agents
Located in the logs directory. The default location is “C:\Program Files\RSA\Access Manager Agent 5.0 SP4\IIS\logs\”. The log file may have different names depending on the settings but typically is called ctagent.log with a number representing the rollover date. Logs have different log levels (None, Config, Misconfig, Critical, Error, Warning, Security, Info, Debug and Massive) as defined in the webagent.conf file.
- C:\Program Files\RSA\Access Manager Agent 5.0 SP4\IIS\logs\ctagent.20190605160645.log – agent log file
- C:\Program Files\RSA\Access Manager Agent 5.0 SP4\IIS\RSA_Access_Manager_Agent_5.0_SP4_for_IIS_InstallLog.log – agent installation file
Located in the conf directory. Default location is C:\Program Files\RSA\Access Manager Agent 5.0 SP4\IIS\conf\.
- C:\Program Files\RSA\Access Manager Agent 5.0 SP4\IIS\logs\webagent.conf
On Unix, the install location of the agent is in /opt but the configuration and log files are in subdirectories named for the webserver that is installed.
- /opt/RSA_Access_Manager_Agent_5.0_for_Apache_InstallLog.log – Agent installation log
- /var/log/httpd/error_log – Apache Web Server error log file
- /var/www/html – Apache Web Server http root document directory
- /opt/rsa-axm/agent-50-apache/webservers/Apache_2.4.6/logs/ctagent.20190607121648.log Agent log file
- /opt/rsa-axm/agent-50-apache/webservers/Apache_2.4.6/conf/webagent.conf – conf file
- /opt/rsa-axm/agent-50-apache/htdocs/ct_logon_en.html – default logon page