Trusted Agent Logging

Extensive and detailed logging is available for Trusted Agent connectivity and operations, including activities that occur on CSM servers, Trusted Agent Hubs, and Trusted Agents.

Logging can be configured to go to the Windows event log, files, or to a Splunk server. For best results, log debug messages to a file or to Splunk rather than to the Windows Event Log because CSM generates many messages when debug logging is enabled.

The logging information collected is determined by the service/server with logging enabled.

Detailed logging information for: Then enable logging for: Location
Trusted Agent Hub Browser Client

When using file logging:

  • SaaS customers can view the Hub logs by selecting Browser Client in the Log Viewer in CSM Administrator. For more information, see Log Viewer Utility.
  • The log file must be writable by the IIS application pool in which the Browser Client is running.
  • Do not place the log file within the physical path for the Browser Client. Changing the files in this directory, or subdirectory, can cause the application pool to recycle every time the log file is updated, resulting in Users being logged out unexpectedly.
Cherwell Server Manager on the Trusted Agent Hub.

Cherwell performs this task for SaaS customers.

Trusted Agent Trusted Agent Server, Cherwell Application Server Cherwell Server Manager on each Trusted Agent server and on the main CSM server.

The Trusted Agent Service logs messages through the Cherwell Application Server on the main CSM server, in addition to logging on its own server.

Detailed logging is available on the Trusted Agent server when enabled. Warning and Above logging for the Trusted Agent Service is also available on the main CSM server if logging is enabled for the main Cherwell Application Server at the Warning and Above level or higher.

When logging is enabled on the Trusted Agent server, it can take up to 60 seconds for messages to be seen and delivered to the Cherwell Application Server.

This information applies to both on-premises and SaaS customers.

Initiation of Trusted Agent operations from CSM servers Application Server or Cherwell Service Host Cherwell Server Manager.
Manual Active Directory or external data imports from CSM Administrator. Client-side logging. Logging configured in the CSM Desktop Client applies to CSM Administrator. For more information, see Configure User General Settings

Set log levels for selected log types:

Log to Option description
Event log Log level:
  • Debug and above: Very verbose messages. This level is space and resource intensive.

    For best results, log debug messages (Debug and above) to a file or to Splunk, and NOT to an event log. CSM logs numerous debug messages, so a log would be slow and might require more resources.

  • Stats and above: Detailed messages that track performance.
  • Info and above: Informational messages that can be used to diagnose a problem.
  • Warning and above: Warning messages that occurred.
  • Error and above: Errors that were encountered.
  • Fatal only: Errors that caused the service or process to stop.

To see email success and failure messages, choose Info and above or Debug and above.

  • Log Level: Select an event classification as described above (example: Debug and above, Info and above, etc.)
  • File Name: Select the Ellipses button to select a location for the log file.
  • File Size Limit: By default, the file size is set to 10 MB, but can be changed by entering a new value in the field.
  • File Count Limit: Rolling event logs are used, so that when the maximum file size is reached for a log file, a new file is created. By default, the number of files is set to 20 (but can be changed), after which the oldest log file is overwritten by continued logging.
Splunk Writes the logs to a Splunk server. You must configure Spunk logging for logging to Splunk.