Secret Server Log List

Secret Server Logs

SS log

The Secret Server system log is a top-level IIS log that reports when roles start and stop and any activity occurring on the site, as well as any legacy monitors.

Location: C:\inetpub\wwwroot\SecretServer\log

Please refer to Setting the Logging Type for more information.

SS-BSSR log

The background scheduler server role log is responsible for jobs that fire upon a trigger. Currently, we have some monitors that schedule work from the website but will transition to trigger jobs in the scheduler.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-BWSR log

The background worker server role log is responsible for logging work triggered by the background scheduler and legacy monitors. Work includes heartbeat, password changing, discovery, event pipelines, and others.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-EWSR log

The engine worker server role log is responsible for processing all responses from distributed engines, such as discovery and heartbeat.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-MMSR log

The MemoryMq server role log records internal site connector activity when RabbitMq is not installed or used.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-SRWSR log

The session recording worker server role log is responsible for processing session recordings from Secret Server.

Location: C:\inetpub\wwwroot\SecretServer\log

Protocol Handler Log

SS-RDPWin log

The Remote Desktop Protocol (RDP) for Windows log records protocol handler activity. It is located at C:\Users\Administrator\AppData\Roaming\Thycotic\log

Despite the name, the log covers more than just RDP.

To access the log:

  1. Type Run in the Windows start menu search text box to launch the Run Command application. The Run popup appears:

    image-20220228142151413

  2. Type %AppData%\Thycotic\log into the Open text box.

  3. Click the OK button. The folder containing the file appears.

Enabling Debug Logging for the Protocol Handler Log

This section explains how to enable verbose debug logging for protocol handler.

  1. Navigate to C:\Program Files\Thycotic Software Ltd\Secret Server Protocol Handler.

  2. Open the log4net-rdp.config configuration file in a text editor as an administrator:

    Copy 
    <?xml version="1.0" encoding="utf-8"?>
    <log4net>  <root>    <!--<level value="DEBUG" />-->    <!--<level value="VERBOSE" />-->    <!--<level value="OFF" />-->    <level value="INFO" />    <appender-ref ref="Thycotic.LogFileAppender" />  </root>  <appender name="Thycotic.LogFileAppender" type="log4net.Appender.RollingFileAppender">    <!--<file value="C:\LogFiles\Thycotic\SS-RDPWin.log" />-->    <file value="${AppData}\Thycotic\log\SS-RDPWin.log" />    <rollingStyle value="Size" />    <maxSizeRollBackups value="34" />    <maximumFileSize value="10MB" />    <lockingModel type="log4net.Appender.FileAppender+MinimalLock" />    <layout type="log4net.Layout.PatternLayout">      <conversionPattern value="%utcdate [CID:%property{Correlation}] [C:%property{Context}] [TID:%thread] %-5level %logger - %message%newline" />    </layout>  </appender></log4net>

  3. Comment out <!--<level value="INFO" />.

  4. Remove the comment out of <level value="DEBUG" />.

  5. Re-create the original issue a couple of times with DEBUG enabled.

  6. Navigate to ~\AppData\Roaming\Thycotic\log" on the machine you are launching protocol handler from. Copy and save the SS-RDPWin log file.

  7. Return log4net-rdp.config to its original state by removing the comment out of <!--<level value="INFO" /> and commenting out <level value="DEBUG" />

Distributed Engine Log

SSDE log

The Secret Server distributed engine log is responsible for recording distributed engine activity.

Location: C:\Program Files\Thycotic Software Ltd\Distributed Engine\log

Customers using Secret Server 11.1.6 and newer can adjust audit logging directly from the UI. Please refer to Setting the Logging Type for more information.

Customers using a Secret Server version prior to 11.1.6 need to use a manual method of adjusting the audit logs:

  1. Log in as an administrator on the distributed engine server.

  2. Locate the Thycotic.DistributedEngine.Service.exe.config in the C:\Program Files\Thycotic Software Ltd\Distributed Engine directory.

  3. Open the file in a text editor.

Enabling Debug Mode in Distributed Engine Log Files

Please see Enabling Debug Mode in Distributed Engine Log Files.

Enabling Discovery Logging

To enable discovery logging, change the Thycotic.DistributedEngine.Service.exe.config configuration file as follows:

Copy 
<logger name="Thycotic.Discovery">
  <level value="VERBOSE" />
</logger>

RabbitMQ Log

Access the RabbitMQ logs at C:\RabbitMq\log.