Logging Overview

Secret Server provides robust logging capabilities to ensure comprehensive tracking and auditing of all activities within the system. Here is an overview of the logging features in Secret Server:

Key Logging Features

  • Syslog and CEF Logging:

    • Syslog: A standard protocol used for sending and receiving log and event messages between network devices, servers, and applications.

    • CEF (Common Event Format): A standardized log format for capturing and transmitting security-related events across various systems and devices.

    • Secret Server can send log messages to an external syslog server over UDP, TCP, or Secure TCP (TLS).

    • Configuration options include the syslog server, port, protocol, time zone, and date-time format.

    • Secure TCP is recommended for sensitive log data because it encrypts messages in transit; UDP and plain TCP send them unencrypted.
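
On the receiving side, a collector has to split each CEF event into its seven pipe-delimited header fields and its key=value extension, honoring CEF's backslash escapes. The parser below is an added example, not code from Secret Server or its documentation; the sample line, vendor and product names, event ID and field values are constructed placeholders.

```python
import re

# Constructed sample: a syslog line carrying one CEF event. Vendor, product,
# event ID and field values are placeholders, not real Secret Server output.
SAMPLE = (r"<134>Jan 12 10:15:02 vault01 CEF:0|ExampleVendor|Example Vault|1.0|"
          r"10004|SECRET - VIEW \| audit|2|suser=alice src=10.0.0.5 "
          r"msg=Viewed secret path\=\\Prod\\DB rt=Jan 12 2024 10:15:02")

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")

def _split_header(body):
    """Split on the first 7 unescaped pipes; a backslash escapes the next char."""
    parts, cur, i = [], [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])   # keep the escape pair intact for now
            i += 2
            continue
        if body[i] == "|" and len(parts) < 7:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    parts.append("".join(cur))
    return parts

def _unescape(text, special):
    # CEF escapes the backslash plus one delimiter: '|' in headers, '=' in extensions.
    return re.sub(r"\\([\\%s])" % re.escape(special), r"\1", text)

def parse_cef(line):
    """Return (header dict, extension dict) for a syslog line containing CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    parts = _split_header(line[start + 4:])
    if len(parts) < 7:
        raise ValueError("truncated CEF header: expected 7 fields")
    header = {k: _unescape(v, "|") for k, v in zip(HEADER_FIELDS, parts)}
    ext_raw = parts[7] if len(parts) > 7 else ""
    # A key is a word directly followed by an unescaped '='; its value runs to the next key.
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext_raw))
    ext = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_raw)
        ext[m.group(1)] = _unescape(ext_raw[m.end():end], "=")
    return header, ext
```

Rejecting lines with a short header, rather than guessing at missing fields, keeps truncated UDP datagrams from being indexed as well-formed audit events.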

Secret Server Log List

  • Distributed Engine Log: Logs distributed engine activity.

  • Protocol Handler Log: Logs protocol handler activity, including RDP and SSH sessions.

  • SS log: The main system log that reports when roles start and stop and any activity occurring on the site.

  • SS-BSSR log: Logs jobs triggered by the background scheduler.

  • SS-BWSR log: Logs work triggered by the background scheduler and legacy monitors, including heartbeat, password changing, and discovery.

  • SS-EWSR log: Logs responses from distributed engines.

  • SS-MMSR log: Logs internal site connector activity when RabbitMQ is not used.

  • SS-SRWSR log: Logs session recordings.