RADIUS Server Log Files
The server log file records RADIUS events, such as server startup or shutdown or user authentication or rejection, as a series of messages in an ASCII text file. Each line of the server log file identifies the date and time of the RADIUS event, followed by event details. You can open the current log file while RADIUS is running.
Log Rotation
Log rotation prevents RADIUS server logs from growing indefinitely. You can rotate RADIUS server log files by date or size:
- By default, RADIUS server log files are rotated daily with a filename extension that specifies the year, month, and day. You can rotate log files daily, weekly, or monthly.
The current log file is named radius.log, and rotated log files are named radius.log-YYYYMMDD, where YYYYMMDD specifies the date. For example:
-rw------- 1 rsaadmin rsaadmin 120 Dec 3 00:36 radius.log-20201203
-rw------- 1 rsaadmin rsaadmin 3613 Dec 4 00:37 radius.log
- To rotate log files by size, instead of date, use the size parameter in the radiusd file to specify a maximum size for a server log file. By default, the size parameter is commented out and set to 0.
The current log file is named radius.log, and rotated log files are named radius.log.n, where n is 1, 2, 3, and so forth. For example, the most recent rotated log file is named radius.log.1. When radius.log reaches the maxium size, a new radius.log file is created, the current radius.log file is rotated and renamed radius.log.1, and the previous radius.log.1 file is renamed radius.log.2.
The size option is mutually exclusive with the time interval options (daily, weekly, or monthly). If you specify the size option after you specify time criteria, then log files are rotated without regard for the last rotation time. The last specified option takes precedence.
Use SSH to configure RSA RADIUS log rotation in the /etc/logrotate.d/radiusd file. For more information, see the RSA Authentication Manager RADIUS Reference Guide.
Debugging Level
By default, RSA RADIUS debugging is turned off. You can enable additional logging to obtain useful information for troubleshooting. Change the debug_level to 1 or 2, depending upon how much information you want to log:
debug_level=0
Entering any invalid value, such as 3, resets the debug_level to the default value of 0.
Note: Do not change the "suppress_secrets = yes" configuration. Changing this value to "no" would log the user passcode and the client shared secret in plain text at log level 1 and 2.
RSA RADIUS debugging is configured by editing the radiusd.conf file in the Operations Console. For more information, see Edit RADIUS Server Files.
Related Articles
View a RADIUS Server Certificate Number of Views RADIUS server(s) missing after the migration from RSA Authentication Manager 7.1 to Authentication Manager 8.x Number of Views Replace a RADIUS Server Certificate Number of Views Large volume of log files generated under AFX folder in RSA Governance & Lifecycle Number of Views AFX server fails to start with a message: WARNING!! Timed out waiting for AFX applications to start in RSA Identity Govern… Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to…
