You can access basically every log that the platform generates. Naturally, this means that you may not understand everything you can read, and you don't have to. If you have any questions, drop us a message and we're happy to answer them.

Log Types

Log types not mentioned in the table below are less relevant for common troubleshooting scenarios.

Log Type | Summary | Useful for ...


Aggregated and correlated logs that provide key information on every authentication, e.g.

  • Timestamp

  • Authentication duration

  • Identity of the supplicant

  • Credentials used (username/password, certificate)

  • Client authentication certificate used incl. verification type (ocsp or crl) and verification result (valid or revoked)

  • Authentication decision (Accept or Reject)

  • Error message (Rejects only)

  • Applied rule

  • MAC addresses (authenticator / supplicant)

  • Network type (WiFi, LAN, VPN)

  • SSID (for WiFi only)

  • AAA protocol used (radius or radsec)

Most troubleshooting scenarios, e.g. debugging


Generated by the RADIUS Proxies (if at least one is configured)


Comprehensive (raw) logs generated by the RadSec server(s). They include most EAP messages exchanged between supplicant and RADIUSaaS during authentication ("inner tunnel" messages).

  • Debugging of issues that go beyond what can be debugged with the engine logs, e.g. checking if authentications are incomplete (Access-Reject or Access-Accept missing for a particular authentication)

  • Troubleshooting issues with the RadSec connection - if used by your infrastructure

  • Accessing the entire error message stack (found in Access-Reject messages) in case the error message parsed in the engine logs is ambiguous.


Comprehensive (raw) logs generated by the RadSec server(s) related to the RadSec connection.

  • Troubleshooting RadSec connection issues, e.g. trust issues.

  • Identifying certificates presented by the authenticators when establishing RadSec connections.
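
The incomplete-authentication check mentioned above (no Access-Accept or Access-Reject for a particular authentication) can be scripted once raw logs are exported. The following is an added example, not code from the platform: the JSON-lines layout and the field names `ts`, `session`, `mac` and `packet` are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (one JSON object per line). The field names
# "ts", "session", "mac" and "packet" are assumptions for this example,
# not the platform's export schema.
SAMPLE_LOG = """\
{"ts": 100.0, "session": "a1", "mac": "aa-bb-cc-00-00-01", "packet": "Access-Request"}
{"ts": 100.1, "session": "a1", "mac": "aa-bb-cc-00-00-01", "packet": "Access-Challenge"}
{"ts": 100.2, "session": "a1", "mac": "aa-bb-cc-00-00-01", "packet": "Access-Request"}
{"ts": 100.3, "session": "a1", "mac": "aa-bb-cc-00-00-01", "packet": "Access-Accept"}
{"ts": 101.0, "session": "b2", "mac": "aa-bb-cc-00-00-02", "packet": "Access-Request"}
{"ts": 101.1, "session": "b2", "mac": "aa-bb-cc-00-00-02", "packet": "Access-Challenge"}
{"ts": 102.0, "session": "c3", "mac": "aa-bb-cc-00-00-03", "packet": "Access-Request"}
{"ts": 102.4, "session": "c3", "mac": "aa-bb-cc-00-00-03", "packet": "Access-Reject"}
{"ts": 139.5, "session": "d4", "mac": "aa-bb-cc-00-00-04", "packet": "Access-Request"}
"""

TERMINAL = {"Access-Accept", "Access-Reject"}


def find_incomplete(log_text, now, grace=30.0):
    """Return sessions with no Access-Accept/Access-Reject that have been
    idle for longer than `grace` seconds (still-running ones are skipped)."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            sessions[rec["session"]].append(rec)
        except (json.JSONDecodeError, KeyError):
            continue  # skip truncated or non-JSON lines instead of aborting

    incomplete = []
    for sid, recs in sessions.items():
        recs.sort(key=lambda r: r["ts"])
        if any(r["packet"] in TERMINAL for r in recs):
            continue  # authentication reached a decision
        last = recs[-1]
        if now - last["ts"] > grace:
            incomplete.append({"session": sid, "mac": last["mac"],
                               "last_packet": last["packet"],
                               "idle_seconds": round(now - last["ts"], 1)})
    return incomplete


if __name__ == "__main__":
    for item in find_incomplete(SAMPLE_LOG, now=140.0):
        print(item)
```

The `last_packet` value shows where the exchange stopped: a session stuck at Access-Challenge means the supplicant never answered, while one stuck at Access-Request means no reply was logged at all.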
