RSA Authentication Manager generates log messages for all events. These messages are stored in log and database files according to the origin of the message. You can use these log files to monitor deployment activity and produce a record of events such as user logon requests or administrative operations.
Most log settings are instance-based, unless you choose to replicate logging configuration changes. The exception is log rotation settings, which are configured in the Operations Console on each instance.
The system does not log most successful read actions.
Authentication Manager maintains the following types of logs:
Trace. Log messages that you can use to debug your system.
Administrative Audit. Log messages that record administrative actions, such as adding and editing users. This category does not include system-level failures of administrative actions. Those messages are captured in the System log.
Runtime Audit. Log messages that record any runtime activity, such as authentication and authorization of users.
System. System-level messages, such as “Server started” and “Connection Manager lost db connection.” This category includes system-level failures of administrative actions.
Trace log messages are written locally to the appliance file system. The Administrative Audit, Runtime Audit, and System Audit log messages for each appliance are recorded in the Authentication Manager internal database and consolidated on the primary instance.
For each type of log, you can use the Security Console to configure the level of detail written to the log files. For example, you might choose to record only fatal errors in the Administrative Audit log, while recording all messages in the System log.
If you change the logging levels and want to return to the default values, select the values listed in the following table.