How to enable the client log

  • 7021106
  • 18-Jul-2017
  • 04-Sep-2018

Environment

NetIQ Privileged Account Manager

Situation

How to enable the client log for forked processes
Logs generated by the forked processes will not be present in the standard unifid.log
The client log can be enabled to capture events for these forked processes
How to capture logs for client connections not captured in the unifid.log
Example of forked client processes: sshrelay, rdprelay.

Resolution

  1. Edit /opt/netiq/npum/config/unifi.xml and add the following line nested within as a child to the <Unifi> tag:
    <ClientLog level="trace" file="logs/client.log" max_size="10"/>
    Note: Restarting the NPUM service is optional after adding this line.

  2. Try the client-type connection or session once more for the log to be generated and begin capture.
    Please find this log in the following location:
    /opt/netiq/npum/logs/client.log
    C:\Program Files\Netiq\npum\logs\client.log
    Note: Any new client sessions that occur on this server will start being logged here.

  3. When finished, please disable the client log so unnecessary logging does not occur consuming disk space.
    Either remove the line added in Step 1 above or encapsulate it within an xml comment:
    <!-- <ClientLog level="trace" file="logs/client.log" max_size="10"/> -->
    Then restart the PAM service for the settings to be picked up.

Additional Information

The following is an example of where this client log tag can be placed:

<Unifi db_sync="1" service_name="npum">
  <ClientLog level="trace" file="logs/client.log" max_size="10"/>
  <Worker min="5" smax="20" hmax="60" ttl="60" stacksize="1048576" guardsize="0"/>
  <Handler base="service/local">
    <Engine type="dso" lib="spf_dso"/>
    <Engine type="perl" lib="spf_perl"/>
  </Handler>
  <SSL b.changed="1" i.reneg_dos_protection="0"/>
  <Log rollover="D1" I.max_size="250" level="debug" file="logs/unifid.log">
    <Script/>
  </Log>
</Unifi>