Logging for Cloud Access Service
a month ago

Logging for Cloud Access Service

RSA generates log messages for the following components:

  • Cloud Access Service (CAS) (user, admin, and system events)

  • Identity router deployed in your virtual environment

  • RSA Authenticator app

Logs for CAS

CAS generates messages for user and system events automatically, without configuration. For example:

  • A user event message is generated when an access policy requires a user to provide additional authentication credentials, or when an authentication is unsuccessful.
  • A system event message is generated when CAS purges users who were pending deletion.
  • An audit log message is generated by the Cloud Administration Console that describes a Super Admin activity.

You can view the messages through the User Event Monitor and System Event Monitor in the Cloud Administration Console. For a complete list of event messages, see:

For a complete list of administration log messages, see:

Administration Log Messages for Cloud Access Service (80001 - 81402)

Logs for the Identity Router

RSA provides the following identity router logs:

  • The audit log captures real-time audit events (user, system, or both) on the identity router. Use the audit log to review errors and notifications about application portal sign-in, additional authentication, or user attempts to access protected applications. You can configure RSA to send all audit logs to a syslog server, where they are consolidated from all identity routers and are easy to access. For instructions, see Configure Identity Router Audit Logging in the Cloud Administration Console.
  • The system log captures real-time system data on the identity router. Use this log to troubleshoot or debug identity router issues such as problems connecting to an LDAP directory server, or problems integrating RSA with a new application.
  • The RADIUS logs capture real-time audit events for the built-in RADIUS server on the identity router if RADIUS is enabled. Use these logs to review errors and notifications about RADIUS authentication and communication with RADIUS clients. The /var/log/radius directory of the identity router log bundle contains the RADIUS log files (radius.log, radiusj.log, and radius-audit.log).

    • Note:  radius.log is deprecated and contains only older log events. symplified.log contains all new RADIUS authentication events.

You can generate and download a bundle of identity router logs, which includes the audit, system, and RADIUS logs, and other logs and configuration files. For in-depth troubleshooting, you can temporarily enable debug-level logging, and then generate and download the log data collected during the period of debug-level logging. Debug-level logging is not available for RADIUS. For more information, see Identity Router Logging.

Logs for the RSA Authenticator App

The RSA Authenticator app generates logs on the users' devices. Log messages are generated automatically by app and user events for registration and additional authentication.

Users can email the log files from the Morengx_g_ic_reorder_blue screen.

Concept Information

Event Message Components for Cloud Access Service

Identity Router Logging

RSA Authenticator App Logging

Related Tasks

Configure Audit Logging in the Cloud Administration Console

Set the Identity Router Logging Level

Troubleshooting Identity Router Issues

View the Identity Router System Log

Reference Materials

User Event Monitor Messages for Cloud Access Service (02 - 345)

Contents of Identity Router Log Bundle

Identity Router Audit Log Messages

Don't see what you're looking for?