RADIUS Diagnostic Logs

The RADIUS diagnostic log utility allows you to view trace and debug-level RADIUS messages. When RADIUS diagnostic logging is enabled, the diagnostic tool logs all requests that Ivanti Policy Secure receives from RADIUS clients. RADIUS requests initiated by Ivanti Policy Secure do not appear in the log.

Observe the following guidelines:

  • Diagnostic logging affects system performance.
  • All events that appear in the log have an ID code, and all messages in a thread are tagged with the same ID. This allows you to track individual logins or login attempts.
  • Source IP addresses are represented as 127.0.0.1 (the loopback address).
  • For Layer 2 connections, the calling station ID is the MAC address of the endpoint.
  • Passwords are suppressed and do not appear in the logs.
  • When the log fills up, logging stops. You can clear the log to restart logging.
  • Raw traffic is not available in the log. To view raw traffic, use the tcpdump feature.

To use RADIUS diagnostic logging:

  1. Select Maintenance > Troubleshooting > Diagnostics Logs to display the configuration page.
  2. Complete the configuration as described below.
  3. Click Save Changes. When you save changes with RADIUS Diagnostic Logging On selected, the system begins generating diagnostic log entries.
  4. Initiate the action you want to debug, such as a user sign in. You can clear the debug log file to restart diagnostic logging if it takes you too long to initiate the action.
  5. Manage the resulting log:
    • Click Save Log to save the log files in a zipped format.
    • Click Clear Log to remove previous logs and start diagnostic logging with a fresh file.
    • Click Save And Clear Log to save the diagnostic log to a file that you can send to PSGSC. The existing logs in the device will be cleared after saving.
  6. Unselect RADIUS Diagnostic Logging On and click Save Changes to turn off diagnostic logging.

Settings and guidelines:

  • RADIUS Diagnostic Logging On: Specify the source IP address if you know it. If you are able to provide the source IP address, the policy trace log can include events that occur before the user ID is entered into the system.
  • Max Diagnostic Log Size: Specify a maximum logfile size. The default is 1000 MB.