RSA Support will often ask you to send us the internal log files, or bundle logs, from one or more of the IDRs in your deployment.  You can also proactively send them to us when you open a case.

The bundle logs can only be downloaded from the Identity Router itself.  It is not possible to get IDR bundle logs from the RSA Cloud Administration Console.

Note:  IDR bundle logs are not the same as an IDR's View Log option in the Cloud Administration Console.  View Log is an excerpt of only the last 1000 lines of an IDR's system log.  That is usually not sufficient for RSA Support troubleshooting.  In contrast, what we call "bundle logs" are a Zip file, containing many different log and configuration files .

There are three different ways you can get the bundle logs:

• setup.jsp Method
• SSH Method
• AM Troubleshooting Logs Method

There are a few different ways you can obtain IDR bundle logs, depending on the IDR platform (VMWare, Hyper-V, AWS, Microsoft Azure or Authentication Manager embedded IDR). 

Setup.jsp Method

IDR platforms:  all

This is the usual method to get any IDR's bundle logs file.  Follow the steps in section "Generate and Download the Identity Router Log Bundle" on page Troubleshooting Identity Router Issues .

SSH Method

IDR platforms:  VMWare, Hyper-V, Microsoft Azure and AWS  

The IDR's bundle logs can be downloaded from SSH, if SSH is enabled for the IDR.   This is useful if the issue being investigated makes the IDR's setup.jsp pages inaccessible.   To obtain the bundle logs using SSH, follow these steps:

1. Access SSH and login as idradmin .
2. Enter the following command at the SSH prompt to generate the bundle logs' Zip file.  Note that the command may "hang" with no output for a short while, as it gathers the necessary files:

3. The command will eventually display a long list of files on the screen. At the end will be a message that tells you where the bundle logs' Zip file was saved on the IDR.  For example:

4. Download the bundle logs' Zip file from the IDR to your local machine, using SFTP (Secure File Transfer Protocol on port TCP 22) to the IDR's management / eth0 IP address.  Use the IDR's idradmin credentials for SFTP.

AM Troubleshooting Logs Method

IDR platform:  embedded Authentication Manager IDR  

The bundle logs can be downloaded from an IDR embedded in Authentication Manager (AM), as part of the Authentication Manager (AM) Troubleshooting Logs bundle.  This is useful if the issue being investigated makes the IDR's setup.jsp pages inaccessible or if other AM logs are also needed.   

To obtain the IDR bundle logs this way: follow the instructions on page Download AM Troubleshooting Files .   Note:

• This must be done on the AM server where the IDR is installed. 
• At step 3 in the Download instructions, select Identity Router Log Files . 
• Depending on the type of issue, you may also need to select other types of AM logs at step 3.  If unsure, select every log type, or ask RSA Support which to select.

If you are unable to access the IDR bundle logs, do the following checks:

• VMWare, Hyper-V, Microsoft Azure or AWS:  Check that the IDR's VM is running.  If not, start it.
• VMWare, Hyper-V, Microsoft Azure or AWS:  Check from the RSA Cloud Administration Console that the IDR's SSH port is open .
• Check that firewalls are not blocking access to the IDR's IP(s) or interface(s) or the SSH or HTTPS or SFTP ports .
• For the SSH or setup.jsp methods: check that you are using the management interface's IP or its FQDN to access the IDR.
• For the setup.jsp method, if it is a one-interface IDR, you must access it with TCP port 9786.
• It is not supported to access an embedded AM IDR via SSH.  If an embedded AM IDR's setup.jsp pages are not available, get the IDR logs using the AM Troubleshooting Logs Method method.

Inform the RSA Support Engineer for your case if you still cannot access the IDR to get the bundle logs.  If you do not yet have a support case open, contact RSA Support .

General steps to reproduce an issue and get IDR bundle logs

1. On every IDR, Set the Identity Router Logging Level to Debug.
2. Reproduce the issue or wait for it to occur. While doing so, capture screenshot(s) and/or video of error messages or any incorrect behaviour.  Tell RSA the date and times (with time zone) the issue was reproduced or occurred after enabling Debug.  Tell us the user id(s) of authentications.  This will help us to identify relevant events in the logs.
3. On every IDR, Set the Identity Router Logging Level to Standard.  Do not leave IDRs in Debug mode indefinitely, as it causes logs to rotate too quickly and important evidence can be lost.
4. From the Cloud Admin Console's User Event Monitor:
   1. Select Include Verbose Logs. 
   2. Filter by the user's email address then look for events around the time the issue was reproduced at step 4 above.  If there are no events displayed for the user around that time, clear the email address filter and look again for events around that time for the test user or any unknown user.  If no events at all were logged around that time, inform Support.
   3. Click Generate Report.  For Number of Events select Maximum Size. Click Generate Report to confirm. 
   4. Click Report Details and confirm the data there matches what you just generated.  
   5. Click Download to download a CSV file containing the events.
5. Get the log bundles from every IDR.  See the Tasks section above for instructions.

RSA recommends getting logs from every IDR because it is usually not possible to know which IDR(s) handled an authentication.  Authentications will not necessarily be processed only by the IDR that the authentication was sent to.

Different or additional steps may be needed depending on the type of issue.  Follow any alternative instructions provided by RSA Support.