RADIUS Server Log Files
The server log file records RADIUS events, such as server startup or shutdown or user authentication or rejection, as a series of messages in an ASCII text file. Each line of the server log file identifies the date and time of the RADIUS event, followed by event details. You can open the current log file while RADIUS is running.
Log Rotation
Log rotation prevents RADIUS server logs from growing indefinitely. You can rotate RADIUS server log files by date or size:
- By default, RADIUS server log files are rotated daily with a filename extension that specifies the year, month, and day. You can rotate log files daily, weekly, or monthly.
The current log file is named radius.log, and rotated log files are named radius.log-YYYYMMDD, where YYYYMMDD specifies the date. For example:
-rw------- 1 rsaadmin rsaadmin 120 Dec 3 00:36 radius.log-20201203
-rw------- 1 rsaadmin rsaadmin 3613 Dec 4 00:37 radius.log
- To rotate log files by size, instead of date, use the size parameter in the radiusd file to specify a maximum size for a server log file. By default, the size parameter is commented out and set to 0.
The current log file is named radius.log, and rotated log files are named radius.log.n, where n is 1, 2, 3, and so forth. For example, the most recent rotated log file is named radius.log.1. When radius.log reaches the maxium size, a new radius.log file is created, the current radius.log file is rotated and renamed radius.log.1, and the previous radius.log.1 file is renamed radius.log.2.
The size option is mutually exclusive with the time interval options (daily, weekly, or monthly). If you specify the size option after you specify time criteria, then log files are rotated without regard for the last rotation time. The last specified option takes precedence.
Use SSH to configure RSA RADIUS log rotation in the /etc/logrotate.d/radiusd file. For more information, see the RSA Authentication Manager RADIUS Reference Guide.
Debugging Level
By default, RSA RADIUS debugging is turned off. You can enable additional logging to obtain useful information for troubleshooting. Change the debug_level to 1 or 2, depending upon how much information you want to log:
debug_level=0
Entering any invalid value, such as 3, resets the debug_level to the default value of 0.
Note: Do not change the "suppress_secrets = yes" configuration. Changing this value to "no" would log the user passcode and the client shared secret in plain text at log level 1 and 2.
RSA RADIUS debugging is configured by editing the radiusd.conf file in the Operations Console. For more information, see Edit RADIUS Server Files.
Related Articles
RADIUS server(s) missing after the migration from RSA Authentication Manager 7.1 to Authentication Manager 8.x Number of Views View a RADIUS Server Certificate Number of Views Log Artifacts generation fails due to ORA-31061 error in ASR report generation in RSA Identity Governance & Lifecycle Number of Views Replace a RADIUS Server Certificate Number of Views Howto: Change the Master Encryption Key Storage Directory in RSA Identity Governance and Lifecycle (IGL) Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
