Secret Server Log List

This topic only applies to Secret Server On-Premises.

Below is a collection of log lists that can be used with Secret Server.

Secret Server Logs

SS log

The Secret Server system log is a top-level IIS log that reports when roles start and stop, along with any activity occurring on the site, as well as any legacy monitors.

Location: C:\inetpub\wwwroot\SecretServer\log

Please refer to Setting the Logging Levels for more information. See Enabling Debug Mode in System Logs for more information.

SS-BSSR log

The background scheduler server role log is responsible for jobs that fire upon a trigger. Currently, we have some monitors that schedule work from the website but will transition to trigger jobs in the scheduler.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-BWSR log

The background worker server role log is responsible for logging work triggered by the background scheduler and legacy monitors. Work includes heartbeats, password changing, discovery, event pipelines, and more.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-EWSR log

The engine worker server role log is responsible for processing all responses from distributed engines, such as discovery and heartbeats.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-MMSR log

The MemoryMq server role log records internal site connector activity when RabbitMQ is not installed or used.

Location: C:\inetpub\wwwroot\SecretServer\log

SS-SRWSR log

The session recording worker server role log is responsible for processing session recordings from Secret Server.

Location: C:\inetpub\wwwroot\SecretServer\log

Protocol Handler Log

SS-RDPWin log

The Protocol Handler log records protocol handler activity among other features.

Location: stored per user on the workstation, search for: %AppData%\Thycotic\log\SS-RDPWin.log.

Despite the name, the log covers more than just RDP.

To access the log:

  1. Type Run in the Windows start menu search text box to launch the Run Command application. The Run popup appears:

    image-20220228142151413

  2. Type %AppData%\Thycotic\log into the Open text box.

  3. Click the OK button. The folder containing the file appears.

Enabling Debug Logging for the Protocol Handler Log

This section explains how to enable verbose debug logging for the Protocol Handler:

  1. Navigate to C:\Program Files\Thycotic Software Ltd\Secret Server Protocol Handler.

  2. Open the log4net-rdp.config configuration file in a text editor as an administrator:

    Copy 
    <?xml version="1.0" encoding="utf-8"?>
    <log4net>  <root>    <!--<level value="DEBUG" />-->    <!--<level value="VERBOSE" />-->    <!--<level value="OFF" />-->    <level value="INFO" />    <appender-ref ref="Thycotic.LogFileAppender" />  </root>  <appender name="Thycotic.LogFileAppender" type="log4net.Appender.RollingFileAppender">    <!--<file value="C:\LogFiles\Thycotic\SS-RDPWin.log" />-->    <file value="${AppData}\Thycotic\log\SS-RDPWin.log" />    <rollingStyle value="Size" />    <maxSizeRollBackups value="34" />    <maximumFileSize value="10MB" />    <lockingModel type="log4net.Appender.FileAppender+MinimalLock" />    <layout type="log4net.Layout.PatternLayout">      <conversionPattern value="%utcdate [CID:%property{Correlation}] [C:%property{Context}] [TID:%thread] %-5level %logger - %message%newline" />    </layout>  </appender></log4net>

  3. Comment out <!--<level value="INFO" />.

  4. Remove the comment out of <level value="DEBUG" />.

  5. Recreate the original issue a couple of times with DEBUG enabled.

  6. Navigate to ~\AppData\Roaming\Thycotic\log" on the machine you are launching the Protocol Handler from.

  7. Copy and save the SS-RDPWin.log log file.

  8. Return log4net-rdp.config to its original state by removing the comment out of <!--<level value="INFO" /> and commenting out <level value="DEBUG" />

Distributed Engine Log

SSDE log

The Secret Server distributed engine log is responsible for recording distributed engine activity.

Location: C:\Program Files\Thycotic Software Ltd\Distributed Engine\log.

Customers using Secret Server 11.1.6 and newer can adjust audit logging directly from the UI. Please refer to Setting the Logging Levels for more information.

Customers using a Secret Server version prior to 11.1.6 need to use a manual method of adjusting the audit logs:

  1. Log in as an administrator on the distributed engine server.

  2. Locate the Thycotic.DistributedEngine.Service.exe.config file in the C:\Program Files\Thycotic Software Ltd\Distributed Engine directory.

  3. Open the file in a text editor.

Enabling Debug Mode in Distributed Engine Log Files

Please see Enabling Debug Mode in DE Log Files for more details on how to proceed.

Enabling Discovery Logging

To enable discovery logging, change the Thycotic.DistributedEngine.Service.exe.config configuration file as follows:

Copy 
<logger name="Thycotic.Discovery">
  <level value="VERBOSE" />
</logger>

RabbitMQ Log

Access the RabbitMQ logs at C:\RabbitMq\log.