FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
jcastellanos
Staff
Article Id 293123

 

Description This article describes a case in which the TACACS debug logs show no events even though the events are visible in the raw logs.
Scope FortiAuthenticator v6.5.x.
Solution

No new events appear in the TACACS debug logs:

 

1-no authentication logs.PNG
Confirm in the raw logs that new authentication events are being recorded:

 

2-raw log.PNG

 

  1. Check the log level under TACACS+ -> General. Verify that it is set to debug, as it can sometimes be set to another level.

 

3-debug level error.PNG

 

4- level debug.PNG

 

  2. If there are still no new log events, enter shell mode and collect the following information:

 

  • Load the debug kit for the FortiAuthenticator version via the GUI by following the article below:

Technical Tip: How to enable the debug kit on FortiAuthenticator

 

SSH into FortiAuthenticator and enter shell mode:

 

>shell


Once in shell mode, run the following:

 

ls -alh /var/log        # Capture the output of this command in a text file.
ps -a                   # Capture the output of this command in a text file.
rm -rf /var/log/tac_*   # Deletes the existing TACACS log files; save the captures above first.
killall tac_plus        # Terminates the running tac_plus process.
ls -alh /var/log        # Capture the output of this command in a text file.
ps -a                   # Capture the output of this command in a text file.


Check whether new TACACS events now appear in the debug logs:

 

5-authentication debug log.PNG


If the issue persists, open a new ticket with TAC for further analysis and upload the collected information.