Using Debug Logs

Debug logs include detailed information such as the reason for a failure, the list of parameters, and the session interval value.

Perform the following steps to enable logging at the debug level:

Access Gateway:

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Add the following line:

    LogLevel debug 

Identity Server:

  1. Click Devices > Identity Servers > Edit > Auditing and Logging.

  2. Select File Logging and Echo to Console.

  3. Under Component File Logger Levels > Application, select debug.

Sample log messages generated at the debug log level when Session Assurance fails:

Device Fingerprint Evaluation Trace for Identity Server

This log snippet provides the following information:

  • User DN

  • Correlation ID (session ID)

  • Currently fetched device information

  • Device Fingerprint (the device fingerprint stored in the session)

  • Result

  • Failure cause

  • Offending Mandatory Attribute (information about the parameter that did not match)

  • List of parameters being considered in the fingerprinting

*************Device Fingerprint Evaluation Trace*************
 
Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: CF0E200CA9FB92A3F29D79560140526E
Currently fetched device info: {"availFontSet":{},"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceLanguageSet":"en-US,en","deviceLanguage_deviceDefaultLanguage":"en-US"},"html5DataSet":{},"navigatorPlatform":{},"operatingSystem":{"operatingSystem_osName":"Windows","operatingSystem_osVersion":"7"},"screenResolution":{},"userAgent":{},"webglData":{},"nonce":"1470635556957","deviceType":"NA$NA$NA","deviceTouchPoints":0,"colorDepth":24,"headerSet":{},"userDN":{},"clientIP":{}}
Total number of known devices to compare against: 1
Overall Result: Mismatch
 
*************Summary of comparison against known device*************
 
        Evaluation Result: Mismatch
        Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceLanguageSet":"en-US,en,af","deviceLanguage_deviceDefaultLanguage":"en-US","deviceTouchPoints":"0","cpuArchitecture_cpuArchitecture":"amd64","colorDepth":"24","nonce":"1470635480882","operatingSystem_osName":"Windows","operatingSystem_osVersion":"7"}
        Failure Cause: Atleast one mandatory attribute failed match/is unavailable.
        Offending Mandatory Attribute: deviceLanguage_deviceLanguageSet
 
***************End of comparison against known device***************
 
***************************Trace End*************************
 </amLogEntry>
 
<amLogEntry> 2016-08-08T05:52:39Z SEVERE NIDS Application: Session seems to have got hijacked so logout! Trying to forcefully log out session CF0E200CA9FB92A3F29D79560140526E. Root cause: error during evaluating fingerprint. Evaluated nonce is null 
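
When triaging a forced logout, it helps to pull the fields listed above out of the trace and compare the stored fingerprint with the freshly fetched device information. The following Python sketch is an added example, not part of the product or its documentation. It assumes the trace layout shown on this page, uses hypothetical function names, runs on a constructed sample abridged from the trace above, and skips nonce on the assumption that it changes on every evaluation.

```python
import json
import re

# Constructed sample: key lines of the Identity Server trace above, abridged.
SAMPLE_TRACE = r'''Evaluating device fingerprint for user: cn=admin,o=novell
Correlation ID: CF0E200CA9FB92A3F29D79560140526E
Currently fetched device info: {"availFontSet":{},"cpuArchitecture":{"cpuArchitecture_cpuArchitecture":"amd64"},"deviceLanguage":{"deviceLanguage_deviceLanguageSet":"en-US,en","deviceLanguage_deviceDefaultLanguage":"en-US"},"operatingSystem":{"operatingSystem_osName":"Windows","operatingSystem_osVersion":"7"},"nonce":"1470635556957","deviceType":"NA$NA$NA","deviceTouchPoints":0,"colorDepth":24,"clientIP":{}}
Overall Result: Mismatch
        Device Fingerprint: {"deviceType":"NA$NA$NA","deviceLanguage_deviceLanguageSet":"en-US,en,af","deviceLanguage_deviceDefaultLanguage":"en-US","deviceTouchPoints":"0","cpuArchitecture_cpuArchitecture":"amd64","colorDepth":"24","nonce":"1470635480882","operatingSystem_osName":"Windows","operatingSystem_osVersion":"7"}
        Failure Cause: Atleast one mandatory attribute failed match/is unavailable.
        Offending Mandatory Attribute: deviceLanguage_deviceLanguageSet
'''

# Output key -> label as it appears in the trace (labels taken from this page).
FIELDS = {
    "user_dn": "Evaluating device fingerprint for user",
    "correlation_id": "Correlation ID",
    "current": "Currently fetched device info",
    "result": "Overall Result",
    "stored": "Device Fingerprint",
    "failure_cause": "Failure Cause",
    "offending": "Offending Mandatory Attribute",
}

def flatten(info):
    """Lift one level of nesting so keys line up with the stored fingerprint."""
    flat = {}
    for key, value in info.items():
        flat.update(value if isinstance(value, dict) else {key: value})
    return flat

def parse_trace(text):
    """Pull the labelled fields out of one evaluation trace."""
    out = {}
    for name, label in FIELDS.items():
        m = re.search(r"^\s*" + re.escape(label) + r":\s*(.+?)\s*$", text, re.M)
        out[name] = m.group(1) if m else None
    out["current"] = flatten(json.loads(out["current"] or "{}"))
    out["stored"] = json.loads(out["stored"] or "{}")
    return out

def changed_attributes(trace, ignore=("nonce",)):
    """Return {attribute: (stored, current)} for values that differ."""
    diffs = {}
    for key, stored in trace["stored"].items():
        current = trace["current"].get(key)
        if key not in ignore and str(stored) != str(current):
            diffs[key] = (stored, None if current is None else str(current))
    return diffs
```

On the sample, the only differing attribute is deviceLanguage_deviceLanguageSet, which agrees with the Offending Mandatory Attribute line in the trace.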

Device Fingerprint Evaluation Trace for Access Gateway

Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: configuring session assurance policy
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: session assurance is enabled
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: trigger time =1
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: list of attributes enabled for session assurance...
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: server side finger print=clientip
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = colorDepth
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = cpuArchitecture_cpuArchitecture
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = deviceTouchPoints
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = deviceTouchSupport
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = deviceType
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = deviceLanguage_deviceLanguageSet
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = deviceLanguage_deviceDefaultLanguage
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = operatingSystem_osName
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = operatingSystem_osVersion
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: server side finger print=user-agent
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = timezoneOffset
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = dnt
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = navigatorConcurrency
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = navigatorPlatform_navigatorPlatform
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = userAgent_uaName
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = userAgent_uaVersion
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = html5DataSet_html5AVData
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = availFontSet_availableFonts
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: advanced session assurance = webglData
Sep 29 18:03:05 lsb httpd[30697]: [info] AM#504600000 AMDEVICEID#ag-95F88CA3CFF470ED: AMAUTHID#: AMEVENTID#8568: session assurance policy configured successfully