Skip to content

Debug Logging Pane

From the server console, click Configuration > Debug Logging

Use Debug Logging to configure logging to a text file. You can use this log instead of, or in addition to the Windows Event Viewer. If you use both the Windows Event Viewer and a debug log, you can configure them to record at different logging levels.

Note

  • When set to the same log level, the debug log contains most of the same information as the Windows Event Viewer, however the Event Viewer includes some events that occur before logging to the debug log begins.

  • You can configure the debug file to roll over based on size or time or both. If you configure both, log rollover occurs whenever the first threshold is reached.

  • Restarting the server always starts a new log.

Select Enable debug logging to log file to enable logging to a log file. Use the log level options to determine which events are logged.

SSH server and SFTP event log level

Errors, Warnings, Information, Protocol details, Hex-dump

Use this list to determine what is recorded in the debug log. These categories provide increasing detail as you move down the list, and selecting any item automatically selects all the previous items. For full control of which events are recorded, use the Custom option. Errors are fatal program errors, Warnings are authentication failures. Information includes all successful connections, logins, logouts, and general information. Protocol details include all messages sent to and from the server. Hex-dump includes all actual data exchanged and may include private and sensitive information. To maintain security, it is recommended to at least monitor Errors and Warnings. NOTE: If you have configured Reflection PKI Services Manager to send debug messages to the Reflection Secure Shell Proxy server (by enabling client debugging on the PKI Services Manager server), you need to set the log lever to Protocol details or higher to see these messages.

Note

Hex data logging may have a severe performance impact and should only be used for diagnostic purposes when the server is not busy.

Custom

Select Custom for full control over which events are recorded. Click Custom events to specify which specific events or groups of events you want logged.

Log file information

Log file directory

Specifies the log file folder. Log file names are generated automatically, using the format RSSHD-YYYYMMDD-HHMMSSmmm.log, where YYYYMMDD indicates the date, and HHMMSSmmm indicates the GMT time of log file creation.

By default, only SYSTEM and Administrators have access to the log folder. The default folder is configured with these recommended permissions. Files created in the log folder inherit the permissions of the folder. If you specify a non-existent folder, it is created with the default permissions.

Note

The default permission assignment is made only when the log folder is created. If you modify the permissions of the currently specified folder, the server does not override your changes. If you change this setting to specify an existing folder, files created by the server in that folder will inherit the permissions of the specified folder. You should check to ensure that these permissions limit log access appropriately for your organization.

Log file rollover, (by time)

Specifies that the log file should be closed and a new log opened at regular intervals.

- **Base time (UTC)**: Sets a base time, specified in [UTC (Universal Time, Coordinated) ](../glossary/glossary-of-terms.md#utc), to use for triggering creation of a new log file. New files are created at this time and at even intervals during the day based on value you specify for Interval (hours).

- **Interval (hours)**: Determines the number of hours to wait before creating a new file. The value must be a whole number factor of 24. For example, to have the log turn over twice a day starting at 2:00 PM Pacific Standard time, you would set Base time (UTC) to 22 (14:00 PST = 22:00 UTC) and Interval (hours) to 12.

Timestamps for log file entries

Use this setting to specify how times are recorded in the log file. The options are UTC or Local.

View latest log file

Opens the current log file.

More information