About SSO Log Files

When you use Telnet to enable debug logging for the main components of your WatchGuard Single Sign-On (SSO) solution—the SSO Agent, Event Log Monitor, and Exchange Monitor—the SSO components all generate log messages about the activity and events that occur at each component. These log messages are saved in a log file in the installation folder where each component is installed. To troubleshoot any problems with one of your SSO components, you can open the log files and review the events that occurred on that component.

For more information about how to enable debug logging for your SSO components, go to Use Telnet to Debug the SSO Agent.

The default installation directory for the SSO components is:

  • 64-bit servers — C:\Program Files(x86)\WatchGuard\WatchGuard Authentication Gateway
  • 32-bit servers — C:\Program Files\WatchGuard\WatchGuard Authentication Gateway

The names of the log files for each SSO component are:

  • SSO Agent — wagsrvc.log
  • Event Log Monitor — eventlogmonitor.log
  • Exchange Monitor — exchangemonitor.log

Each SSO component maintains one log file that includes the most recent log messages generated by that component. The size of the log file is limited to 10MB. When a log file reaches the maximum size of 10MB, it is compressed in .GZIP format to approximately 1MB in size, and moved to the appropriate archive folder for that SSO component. For each component, there can be a maximum of 30 compressed files in the archive folder. When the maximum of 30 files is reached and a new compressed .GZIP file is added to the folder, the oldest .GZIP file is deleted to make room for the new file.

In the installation directory for each component, you can find the .GZIP file in these archive folders:

  • SSO Agent — \agent_logs
  • Event Log Monitor — \elm_logs
  • Exchange Monitor — \em_logs

The name of each .GZIP file uses this format: <log_file_name>_<createtime>_<lastwritetime>.log.gz:

  • SSO Agent — wagsrvc_<createtime>_<lastwritetime>.log.gz
  • Event Log Monitor — eventlogmonitor_<createtime>_<lastwritetime>.log.gz
  • Exchange Monitor — exchangemonitor_<createtime>_<lastwritetime>.log.gz

When the SSO component log file reaches the maximum size of 10MB, if an error occurs that does not allow the log file to be compressed, a backup log file is instead created. The log messages in the original log file are then moved to the backup log file. The log messages in the backup log files are deleted when they are replaced by the log messages in the main log file, when the main log file is again 10MB in size.

Backup log files are stored in the same directory where the main log files are stored: the location where each SSO component is installed. The names of the backup log files for each SSO component are:

  • SSO Agent — wagsrvc.log.bak
  • Event Log Monitor — eventlogmonitor.log.bak
  • Exchange Monitor — exchangemonitor.log.bak

Related Topics

About Active Directory Single Sign-On (SSO)

How Active Directory SSO Works

Troubleshoot Active Directory SSO

Download Active Directory SSO Log Files

Use Telnet to Debug the SSO Agent