RADIUS Server Log Files
The server log file records RADIUS events, such as server startup or shutdown or user authentication or rejection, as a series of messages in an ASCII text file. Each line of the server log file identifies the date and time of the RADIUS event, followed by event details. You can open the current log file while RADIUS is running.
Log Rotation
Log rotation prevents RADIUS server logs from growing indefinitely. You can rotate RADIUS server log files by date or size:
- By default, RADIUS server log files are rotated daily with a filename extension that specifies the year, month, and day. You can rotate log files daily, weekly, or monthly.
The current log file is named radius.log, and rotated log files are named radius.log-YYYYMMDD, where YYYYMMDD specifies the date. For example:
-rw------- 1 rsaadmin rsaadmin 120 Dec 3 00:36 radius.log-20201203
-rw------- 1 rsaadmin rsaadmin 3613 Dec 4 00:37 radius.log
- To rotate log files by size, instead of date, use the size parameter in the radiusd file to specify a maximum size for a server log file. By default, the size parameter is commented out and set to 0.
The current log file is named radius.log, and rotated log files are named radius.log.n, where n is 1, 2, 3, and so forth. For example, the most recent rotated log file is named radius.log.1. When radius.log reaches the maxium size, a new radius.log file is created, the current radius.log file is rotated and renamed radius.log.1, and the previous radius.log.1 file is renamed radius.log.2.
The size option is mutually exclusive with the time interval options (daily, weekly, or monthly). If you specify the size option after you specify time criteria, then log files are rotated without regard for the last rotation time. The last specified option takes precedence.
Use SSH to configure RSA RADIUS log rotation in the /etc/logrotate.d/radiusd file. For more information, see the RSA Authentication Manager RADIUS Reference Guide.
Debugging Level
By default, RSA RADIUS debugging is turned off. You can enable additional logging to obtain useful information for troubleshooting. Change the debug_level to 1 or 2, depending upon how much information you want to log:
debug_level=0
Entering any invalid value, such as 3, resets the debug_level to the default value of 0.
Note: Do not change the "suppress_secrets = yes" configuration. Changing this value to "no" would log the user passcode and the client shared secret in plain text at log level 1 and 2.
RSA RADIUS debugging is configured by editing the radiusd.conf file in the Operations Console. For more information, see Edit RADIUS Server Files.
Related Articles
Authentication with SSH tools fails on Solaris asks for a password instead of passcode Number of Views Devices running Windows 10 or Windows 11 operating system crash on reboot the machine after RSA MFA Agent 2.3.x for Windo… Number of Views Authentication failing with F5 Big Iron F5 Load Balancer version 11.5 or 11.6 with no entries in the Authentication Manage… Number of Views No token storage device was detected. Verify that the device is attached or contact your administrator error and database … Number of Views Adding a new Fortinet RADIUS dictionary to RSA RADIUS for RSA Authentication Manager Number of Views
Trending Articles
RSA Authentication Manager Patch Updates How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows Configuring a Checkpoint firewall to work with SecurID RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
