This section describes how to collect and view the logs generated about the operations of Tectia Server.
By default, the Management Agent does not collect logs from SSH servers. For instructions on enabling log collection, see Enabling Log Collection in Management Agent Configuration.
See also Management Server Log Collection Process for a technical description of the log collection process.
When logging is enabled in the Management Agent configuration, the Management Agent collects the logs from the managed Tectia Server hosts as follows:
On Unix hosts: the Management Agent sysmonitor process collects system log events generated by Tectia Server and forwards them to the Management Server. The syslog facility used by Tectia Server and the SFTP server is defined in the server configuration.
The Management Server forwards all collected log information to the Management Server machine's system log.
Using these two capabilities, it is possible to route all system log entries related to Tectia Server to the Management Server, which in turn can then provide them to third-party applications through the Management Server machine's system log.
On Windows hosts: the Management Agent collects all log messages generated by Tectia Server from the Windows Event Log and sends them to the Management Server. The event log filter for Tectia Server and the SFTP server is defined in the Tectia Server configuration.
If necessary, you can disable log collection on some managed hosts by editing the configuration file on the host:
Edit the line for the SecshMonitorLogPollInterval configuration option in the /etc/opt/ssh-mgmt/agent/agent-secsh.dat file and set its value to 0. This will prevent the sysmonitor from sending log events to the Management Server.
After modifying the /etc/opt/ssh-mgmt/agent/agent-secsh.dat file, restart the Management Agent.
Edit the /etc/syslog.conf file and remove the following lines:
# Tectia Manager (ssh-mgmt-agent) automatic syslog.conf entry \
(DO NOT EDIT!)
*.debug /var/run/ssh-mgmt-temp-log
Restart syslog. See the manual page for syslogd for instructions on how to do this. Typically this is done by sending the HUP signal to the syslogd process:
kill -HUP <pid>
Copying the log messages that Management Agents send to the Management Server can be disabled in the administration interface.
To disable the copying of log messages:
Click Settings → System settings on the menu.
On System settings, click the Edit button.
Clear the Enable copying sshd log messages from managed hosts to Management Server syslog check box, and click the Save button.
If logs are enabled, the Management Agent collects all Secure-Shell-related log data from the syslog files of the managed hosts and copies it to the Management Server. The Management Server stores this information in its database.
This collected log data can be viewed by administrators. The information includes:
Event time: This is the time when the log event actually took place on the host. This time is the local time of the host, not the time of the Management Server (GMT).
Host: The hostname
PID: The ID of the process that entered the log event into the syslog.
Process: A string describing the name of the process that entered the log event into the syslog. In this release this is sshd2 (for 4.x), or sft-server-g3 (for 5.x and 6.x).
Message: The free text part of the system log entry, which contains a description of the event.
These log entries can be filtered by hostname, event time, and message content.
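A third-party tool reading the Management Server machine's system log can extract the same five fields and apply the same filters. The following is an added example, not part of the Tectia documentation: it assumes the entries use the traditional BSD syslog layout (Mon DD HH:MM:SS host process[pid]: message), and the function names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Process names the page lists for Tectia Server log entries.
TECTIA_PROCESSES = {"sshd2", "sft-server-g3"}

# Assumed layout (not confirmed by the page): BSD syslog,
# "Mon DD HH:MM:SS host process[pid]: message".
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

def parse_line(line, year):
    """Return the five fields as a dict, or None if not a Tectia Server entry."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m["process"] not in TECTIA_PROCESSES:
        return None
    # BSD timestamps carry no year or zone: this is the host's local time.
    event_time = datetime.strptime(f"{year} {m['time']}", "%Y %b %d %H:%M:%S")
    return {
        "event_time": event_time,
        "host": m["host"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "process": m["process"],
        "message": m["message"],
    }

def search(lines, year, host=None, since=None, until=None, contains=None):
    """Filter parsed entries by hostname, event time window and message text."""
    hits = []
    for line in lines:
        e = parse_line(line, year)
        if e is None:
            continue
        if host and e["host"] != host:
            continue
        if (since and e["event_time"] < since) or (until and e["event_time"] > until):
            continue
        if contains and contains.lower() not in e["message"].lower():
            continue
        hits.append(e)
    return hits

# Constructed sample lines (not real Tectia Server output).
SAMPLE = [
    "Mar 14 09:15:02 web01 sshd2[4312]: sample: authentication failed for user alice",
    "Mar 14 09:15:40 web01 cron[880]: sample: job started",
    "Mar 14 10:02:11 db02 sft-server-g3[1777]: sample: file transfer started",
    "Mar 14 10:05:00 db02 sshd2[1790]: sample: authentication failed for user bob",
    "not a syslog line",
]
```

Because the event time is the managed host's local time, normalize it per host before correlating entries from hosts in different time zones.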
To view the Tectia Server logs, click Logging → Tectia Server logs on the menu. Enter the appropriate search criteria and change the time period if necessary. Click the Search button to start the search.
Logs of the matching hosts are displayed. See an example in the figure below.
Click Close to return to the log search page.
To view logs sent from a managed Tectia Server host:
Click Hosts → View hosts on the menu.
Select a Tectia Server host that is sending the logs (through View hosts or Search hosts).
Click the Secure Shell software tab, and click the Log data tab. The collected log is shown.
Click Close to return to the View hosts page, or click another tab to continue.