RSA SecurID Access generates audit logs and system logs for each identity router in your deployment. You can use these logs to track user and system events, and to troubleshoot identity router problems.
The audit log captures real-time audit events (user, system, or both) on the identity router. Use the audit log to review errors and notifications about application portal sign-in, additional authentication, or user attempts to access protected applications.
Each identity router in your deployment stores audit log data in a local file on the identity router. RSA recommends that you configure RSA SecurID Access to send all audit logs to a syslog server, where they are consolidated from all identity routers and are easy to access. For instructions, see Configure Audit Logging in the Cloud Administration Console.
The system log captures real-time system data on the identity router. Use this log to troubleshoot or debug identity router issues such as problems connecting to an LDAP directory server, or problems integrating RSA SecurID Access with a new application.
You can view and download this log output from the Cloud Administration Console. For instructions, see View the Identity Router System Log.
The RADIUS logs capture real-time audit events for the built-in RADIUS server on the identity router if RADIUS is enabled. Use these logs to review errors and notifications about RADIUS authentication and communication with RADIUS clients. The /var/log/radius directory of the identity router log bundle contains the RADIUS log files (radius.log, radiusj.log, and radius-audit.log).
Note: radius.log is deprecated and contains only older log events. symplified.log contains all new RADIUS authentication events.
The identity router produces either standard-level or debug-level logging data. Standard is the default logging level. If you enable debug-level logging, the system log contains more detailed log information than it does for standard-level logging. Debug-level logging is not available for RADIUS.
You set the logging level for the identity router in the Cloud Administration Console on the Identity Routers page (Platform > Identity Routers). For instructions, see Set the Identity Router Logging Level.
Use the debug-level log data to troubleshoot HFED application integration, SAML application integration, and connections to identity sources. For example, you can look in the debug-level system log for details of how the identity router negotiates an HFED application’s login form.
In some cases, you might need to share debug-level logs with RSA Customer Support. For example, they might be able to help identify the source of a problem that you have been unable to pinpoint.
Note: To avoid potential performance impact for users, RSA recommends that you enable debug-level logging during off-peak hours, and that you return to standard-level logging as soon as troubleshooting is complete.
You can generate and download a bundle of identity router logs, which includes the audit, system, and RADIUS logs, and other logs and configuration files. Use these logs to troubleshoot, for example, an HFED application configuration, or the identity router registration process, before it is possible to configure syslog or view the system log.
With debug-level logging turned on, the log bundle contains the same files as for standard-level logging, but the system log contains additional logging details. For in-depth troubleshooting, for example, you can temporarily enable debug-level logging, and then generate and download a bundled file of the log data collected while debug-level logging is enabled on the identity router.
You use the Identity Router Setup Console to generate and download a log bundle. For instructions, see Generate and Download an Identity Router Log Bundle.