RADIUS server logging

RADIUS logs are helpful when troubleshooting.

The location of these logs varies by platform:

  • Windows: C:\Program Files (x86)\Okta\Okta RADIUS Agent\current\logs

  • Linux: /opt/okta/ragent/logs

You can gather logs together in Linux by using a command like:

$ tar -zcvf logs.tar.gz /opt/okta/ragent/logs

The Okta Syslog lets you know if we're passing the credentials to an AD agent.

You can also examine your device logs (Cisco, F5, Netscaler, and so on). Look for keywords, such as username (used to authenticate to RADIUS), followed by error messages or warnings.

You can increase the logging level to include additional debugging information in the logs, as described in the following section.

Change logging level

Versions earlier than 2.15.0

  1. Open log4j.properties, which can be found in your installation folder.
  2. Change the logging level. For example, increase the logging level by changing all three instances of info to debug. Which, when updated, should resemble:
    • log4j.logger.app=debug, app
    • log4j.logger.access=debug, access
    • log4j.rootLogger=debug, app, stdout

Version 2.15.0 and later

  1. Open log4j.xml, which can be found in your installation folder.
  2. Change the logging level. For example, increase the logging level by changing all three instances of info to debug. Which, when updated, should resemble:<?xml version="1.0" encoding="UTF-8"?> <Configuration status="error" name="OktaRadiusLogConfig"> <Appenders> . . . </Appenders> <Loggers> <Logger name="app" level="debug" additivity="false"> <AppenderRef ref="app"/> </Logger> <Logger name="access" level="debug" additivity="false"> <AppenderRef ref="access"/> <AppenderRef ref="app"/> </Logger> <Root level="debug"> <AppenderRef ref="STDOUT"/> <AppenderRef ref="app"/> </Root> </Loggers> </Configuration>