SecurID® Discussions
JochenHoffmann
Occasional Contributor

Authentication Manager API Logs


Dear All,

We're implementing some remote scripting using the RSA Authentication Manager 8.1 SP1 Java API calls and functions. Right now, we need to know where the log files are located.

We initiated an application trust, imported the certificates as needed and created / mapped the admin user account with its appropriate administrative role. But unfortunately we don't get access / authenticated by AM. BTW, this is Authentication Manager 8.1 SP1 SDK / API, not Authentication Agent SDK / API.

Is it possible to get some log information regarding those AppTrust / API connection calls? Any idea?

Many thanks - regards,

Jochen.


Accepted Solutions

Hard to say if it is the only problem, but the line below is wrong in your config.properties.

com.rsa.cmdclient.user = saISAM

The cmdclient.user is not the admin user you are trying to log in as. From the SDK Developer's Guide:

Set the Command Client User Name and Password

When you install Authentication Manager, the system creates a command client user name and password for secure connections to the command server. This user name and password are randomly generated on creation, and are unique to each deployment.

You need to set command client and user name values for each connection to the command server. Use the Manage Secrets utility to obtain these values from Authentication Manager.

Procedure

1. From a command prompt on your Authentication Manager host, change directories to RSA_AM_HOME/utils.

2. Type:

rsautil manage-secrets --action list

3. When prompted, type your Operations Console username and password.
The system displays the list of your internal system passwords.

4. Locate the values for your command client user name and password. For example:

Command Client User Name .................: CmdClient_vKr9aLK9
Command Client User Password .............: e9SHbK0W4i

 

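Added example (not part of the original thread and not RSA's code): a Python check that compares com.rsa.cmdclient.user in config.properties with the Command Client User Name row of the manage-secrets listing, without capturing the password row. The sample inputs are constructed from the values shown above, and the function names are hypothetical.

```python
import re

# Constructed sample of the manage-secrets listing, using the guide's example values.
SAMPLE_SECRETS_OUTPUT = """\
Command Client User Name .................: CmdClient_vKr9aLK9
Command Client User Password .............: e9SHbK0W4i
"""

# Constructed config.properties reproducing the mistake from the thread.
SAMPLE_CONFIG = """\
# AM SDK client settings (constructed)
com.rsa.cmdclient.user = saISAM
"""


def parse_properties(text):
    """Minimal Java .properties reader: 'key = value' or 'key: value', # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def command_client_user(secrets_text):
    """Return only the user name row; the password row is never captured."""
    match = re.search(r"^\s*Command Client User Name\s*\.+\s*:\s*(\S+)\s*$",
                      secrets_text, re.MULTILINE)
    return match.group(1) if match else None


def check_cmdclient_user(config_text, secrets_text):
    """Return (ok, message) for the com.rsa.cmdclient.user setting."""
    configured = parse_properties(config_text).get("com.rsa.cmdclient.user")
    expected = command_client_user(secrets_text)
    if expected is None:
        return False, "Command Client User Name not found in manage-secrets output"
    if configured is None:
        return False, "com.rsa.cmdclient.user is not set"
    if configured != expected:
        return False, f"com.rsa.cmdclient.user is {configured!r}, expected {expected!r}"
    return True, "com.rsa.cmdclient.user matches the deployment's command client user"


if __name__ == "__main__":
    print(check_cmdclient_user(SAMPLE_CONFIG, SAMPLE_SECRETS_OUTPUT))
```

With the thread's config.properties the check fails and names saISAM as the configured value; with the listed command client user it passes.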

11 Replies
EdwardDavis
Employee

You can pick where they go. In the api docs (for whatever api you are using from RSA) there are always logging options described.

Example: agent api 8.5 has these settings you can put in the properties file 

 

RSA_LOG_TO_CONSOLE
If set to YES, event logs are sent to the console.
If set to NO, event logs are not sent.
Valid only if RSA_LOG_LEVEL is not set to OFF.
Changes made to this parameter take effect based on intervals set in RSA_CONFIG_READ_INTERVAL.
YES or NO
The default value is NO.

RSA_LOG_TO_FILE
If set to YES, event logs are sent to the log file specified by RSA_LOG_FILE.
If set to NO, event logs are not sent.
Valid only if RSA_LOG_LEVEL is not set to OFF.
Changes made to this parameter take effect based on the interval set in RSA_CONFIG_READ_INTERVAL.
YES or NO
The default value is YES.

RSA_LOG_FILE
Indicates the path to the log file.
Valid only if RSA_LOG_TO_FILE is set to YES.
Changes made to this parameter take effect based on the interval set in RSA_CONFIG_READ_INTERVAL.
The applicable path.
For example:
/var/ace/api/my_api_events.log
or C:\\WINDOWS\\system32\\my_api_events.log

RSA_LOG_FILE_SIZE
Maximum size of the log file.
Value of file size.
By default 1MB.

RSA_LOG_FILE_COUNT
Number of backup log files to maintain.
Integer value to maintain number of log files. By default 10.

RSA_LOG_LEVEL
Indicates the minimum log level. Events below this level are not logged.
Changes made to this parameter take effect based on the interval set in RSA_CONFIG_READ_INTERVAL.
OFF, DEBUG, INFO, WARN, ERROR, or FATAL
The default value is INFO.

RSA_CONFIG_DATA_LOC
Indicates the directory location used as a local store for the bootstrap and configuration files.
These configuration files should not be edited.
All valid directory locations are acceptable.
For example:
C:\\WINDOWS\\system32\\AgentConfig
The default value is <SDCONF_LOC>\<RSA_AGENT_NAME>
root.cer, bootStrapData.xml, and configdata.xml will be created in this location.

TedBarbour
Employee

I don't believe there is any logging on the client side of an AM API connection.

Recommend that you validate your configuration per the documentation and check for any error messages at the AM side.

Sharing your config.properties file might help troubleshoot the issue.

 

JochenHoffmann
Occasional Contributor

Thanks, guys for your answers. Indeed, I'm looking for any log information at the AM side. Sorry for not making this clear ...

 

-jochen

JochenHoffmann
Occasional Contributor

Please find the config.properties file attached, and also the Java exception we actually get.

 

<am_fqdn> points to the AM8.1 SP1 P14 FQDN which is resolvable of course. saISAM is able to connect successfully and is granted privileged access, too.

"client-identity" alias points to the application trust's certificate, "root" alias points to the RootCA certificate.

 

-jochen

TedBarbour
Employee

Just to be clear, are you attempting to connect using 2-way SSL?

JochenHoffmann
Occasional Contributor

Yes, I do.

JochenHoffmann
Occasional Contributor

Ted,

sh*** I read about, but forgot it completely ... will give it a try and come back soon to you.

 

-jh


Yes, let us know how it goes.
