Logs

This section explains the log reports available within the Admin Interface. The following topics are covered in this section:

Viewing logs

Log information provided on this page is split into events that occur against the different Osirium PAM service types. Each tab contains information for a specific service, allowing you to easily target your search.

Logs can be downloaded for each individual tab using the DOWNLOAD button. The downloaded file is saved as something.log on your local workstation and can be viewed in an external text editor.

The following is a view of the Server log tab.

Logs page

The following is a view of the Server log downloaded and viewed in an editor.

Server Log view

The following describes each of the services and what they do, to help you pinpoint the right log when troubleshooting issues.

| Heading | Description |
|---|---|
| Server | Handles the XML remote procedure calls (RPC) from the Admin Interface and loads device templates when device tasks are being executed. |
| Proxy | Handles the connections between the user's workstation and the end device when a device is accessed. It is responsible for injecting the authentication requirements to enable the user to connect to the device. |
| Proxy Channels | Lists all successful proxy connections with corresponding channel IDs. Proxy connections act as the middle-man throughout the connection life cycle, so users never have to know the device login credentials. |
| RDP Proxy | Handles proxying of connections to remote RDP devices, capable of credential injection and RDP channel blocking. Supports RDP connections to Windows Server 2003 and newer. |
| External | Used to authenticate the user logging on and produces the device and task list the user has permission to. Any device permissions are dynamically published and device monitor states updated. This service also manages the authentication for users that are authenticated against RADIUS or Active Directory. |
| Userauth | Logs user login attempts and failures based on the user's auth type (local, RADIUS, Active Directory or multi-factor). |
| Cluster | Audits the cluster, logs nodes joining the cluster and displays cluster errors. |
| Rest | Used to handle requests and receive responses via HTTP protocols. |
| HA proxy | Used to manage and load balance high availability of device connections. |
| Session recording | Used to receive screenshots sent from the user's workstation, stores them and creates a database record for each. |
| Task tracker | Used to maintain an accurate record of the system tasks that are run in the background. |
| MAP Server | Logs MAP sessions and which device template script was used. |
| Key Verifier | Logs fingerprint verifications associated with a device when a connection is made to a device tool. |
| API | Logs all the API calls that are made and shows you the client that made the call and which API call was used. API logs can be found in: /var/log/osirium/rest-api.log |
| SMTP Email | Logs listed are from the SMTP debug log file. They log the communication between Osirium PAM and the configured SMTP server. Shows any issues with sending emails through error messages that come back from the SMTP server. |
| UI Session | Session manager logs that monitor the logins and logouts on the UI. |
| UI API | Log of all the REST API calls made through the UI. |
| UI Device | Logs all the device tool connections made, i.e. RDP, SSH. |
| UI Session Recording | Used to receive screenshots taken during the connection through the UI, stores them and creates a database record for each. |
| UI Socket.io | Logs the communication between the web client and Osirium PAM. |
| SAML2 | Used to maintain records of SAML logins and configuration changes to the SAML service. |

Logging levels

The Osirium PAM event occurrences are given a logging level of either: Debug, Info, Warning, or Error.

The table below describes when logging is used:

| Level | Description |
|---|---|
| Debug | Provides detailed information to help with diagnosing problems. By default debugging is turned off. To enable the debug logging mode see Debug Task Logging. |
| Info | Information to confirm that the service is working as expected. |
| Warning | Gives an indication that something unexpected happened. The service is still working as expected but something to be aware of. |
| Error | Indicates an exception has occurred and there may be a problem. |

Log file directory

All log files are stored in plain text on the virtual appliance local filestore and can be found in the /var/log/osirium/server directory. They can be accessed from a Bash shell after logging in with the osirium_support account. See Support Account.

Logs are rotated automatically once a day and kept for a maximum of 84 rotated logs, after which they are deleted. Rotated logs are archived as compressed GZ files.

The following is an unfiltered view of the log files found in the /var/log/osirium/server directory.

Command line all log view

The following is a filtered view for the external log files found in the /var/log/osirium/server directory.

Command line external log view
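
An added example, not part of the Osirium documentation: a shell function that counts lines at each logging level for one service across the live log and its rotated GZ archives. The file naming (<service>.log, <service>.log.N.gz), the upper-case level keywords and the sample lines are assumptions constructed for illustration; the page does not document them.

```shell
#!/usr/bin/env bash
# Added example. ASSUMPTIONS: files are named <service>.log and
# <service>.log.N.gz, and each line carries its level as a whole word.

# level_counts DIR SERVICE -> prints "LEVEL COUNT" for each logging level,
# summed over the live log and every rotated .gz archive of that service.
level_counts() {
    dir=$1
    service=$2
    for level in DEBUG INFO WARNING ERROR; do
        total=0
        for f in "$dir/$service".log*; do
            [ -f "$f" ] || continue          # glob matched nothing
            case $f in
                # grep -c exits 1 on zero matches, hence "|| true"
                *.gz) n=$(gzip -dc -- "$f" | grep -ciw -- "$level" || true) ;;
                *)    n=$(grep -ciw -- "$level" "$f" || true) ;;
            esac
            total=$((total + ${n:-0}))
        done
        echo "$level $total"
    done
}

# Constructed sample data (not real Osirium PAM output) so this runs offline.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' \
        '2024-01-02 10:00:01 INFO service started' \
        '2024-01-02 10:00:05 WARNING slow response from directory' \
        '2024-01-02 10:00:09 ERROR exception while authenticating' \
        > "$d/external.log"
    printf '%s\n' \
        '2024-01-01 09:00:00 INFO service started' \
        '2024-01-01 09:30:00 ERROR exception while authenticating' \
        | gzip -c > "$d/external.log.1.gz"
    echo "$d"
}

# Demo on the constructed sample. On the appliance the call would be:
#   level_counts /var/log/osirium/server external
sample=$(make_sample)
level_counts "$sample" external
rm -rf "$sample"
```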

Log file techout

A techout is a TGZ archive file that gathers system and configuration information. A techout task can be run against the PAM Server which will include all the log files. Alternatively, you can create a custom techout which will allow you to select:

  • Include all: which will include logs that are up to 84 days old.
  • Include recent: which will only include logs that are 10 days old.

    Techout tasks

    Create custom techout task

Troubleshooting

A number of troubleshooting scripts are available through the PAM Server console screen to help you manage system and service tasks.

To view the console window:

  1. Log on to your existing infrastructure and open the console window of the PAM Server.

  2. Within the blue screen console window, select Troubleshooting.

    Blue console screen

  3. Now enter the username and password of a SuperAdmin account.

    Console SuperAdmin logon

  4. You will now see the list of troubleshooting scripts. These are the tasks that can be run on the server to help resolve issues.

    Console troubleshooting scripts list