RADIUS Server Log Files
The server log file records RADIUS events, such as server startup or shutdown or user authentication or rejection, as a series of messages in an ASCII text file. Each line of the server log file identifies the date and time of the RADIUS event, followed by event details. You can open the current log file while RADIUS is running.
Log Rotation
Log rotation prevents RADIUS server logs from growing indefinitely. You can rotate RADIUS server log files by date or size:
- By default, RADIUS server log files are rotated daily with a filename extension that specifies the year, month, and day. You can rotate log files daily, weekly, or monthly.
The current log file is named radius.log, and rotated log files are named radius.log-YYYYMMDD, where YYYYMMDD specifies the date. For example:
-rw------- 1 rsaadmin rsaadmin 120 Dec 3 00:36 radius.log-20201203
-rw------- 1 rsaadmin rsaadmin 3613 Dec 4 00:37 radius.log
- To rotate log files by size, instead of date, use the size parameter in the radiusd file to specify a maximum size for a server log file. By default, the size parameter is commented out and set to 0.
The current log file is named radius.log, and rotated log files are named radius.log.n, where n is 1, 2, 3, and so forth. For example, the most recent rotated log file is named radius.log.1. When radius.log reaches the maxium size, a new radius.log file is created, the current radius.log file is rotated and renamed radius.log.1, and the previous radius.log.1 file is renamed radius.log.2.
The size option is mutually exclusive with the time interval options (daily, weekly, or monthly). If you specify the size option after you specify time criteria, then log files are rotated without regard for the last rotation time. The last specified option takes precedence.
Use SSH to configure RSA RADIUS log rotation in the /etc/logrotate.d/radiusd file. For more information, see the RSA Authentication Manager RADIUS Reference Guide.
Debugging Level
By default, RSA RADIUS debugging is turned off. You can enable additional logging to obtain useful information for troubleshooting. Change the debug_level to 1 or 2, depending upon how much information you want to log:
debug_level=0
Entering any invalid value, such as 3, resets the debug_level to the default value of 0.
Note: Do not change the "suppress_secrets = yes" configuration. Changing this value to "no" would log the user passcode and the client shared secret in plain text at log level 1 and 2.
RSA RADIUS debugging is configured by editing the radiusd.conf file in the Operations Console. For more information, see Edit RADIUS Server Files.
Related Articles
Authentication with SSH tools fails on Solaris asks for a password instead of passcode Number of Views Get Java Auth API sample code to authenticate consistently with 'Requires Name Lock' enabled Number of Views RSA Identity Governance & Lifecycle Entitlements Data Collector (EDC) failure EC[31002] Number of Views AFX failure when Proxy is enabled without defining Proxy Host or Port values in RSA Governance & Lifecycle Number of Views Configure User Browsers for Integrated Windows Authentication Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide User Event Monitor Messages for Cloud Access Service (1501 - 20406) RSA Release Notes for RSA Authentication Manager 8.8 Troubleshooting RSA MFA Agent for Microsoft Windows RSA MFA Agent 2.5 for Microsoft Windows Group Policy Object Template Guide
