Sometimes it is necessary to enable debugging for the CA PAM Client in order to understand why it is failing. This document explains how to enable debug level logging for the CA PAM Client

Customers have request this as such: I need to obtain more information from the CA PAM Client behavior. Is there any way I can put the client  in debug for more granular footprints in logs.log ?

Product: Privileged Access Manager.

Version: 3.x and above

In order to turn on additional logging for the PAM Client you must create a blank file called

log.user.properties

in the folder where the PAM client is installed.

Again, ensure this  log.user.properties file you create contains no data. 

Additional information will be logged in the CA PAM Client log file, called logs.log.

Note that increasing the debugging for CA PAM Client will cause it to write much more detailed information which, in turn, will make logs.log to rotate and produce several files over time. If asked for logs by CA Support please submit the complete list of logs.* files.

To avoid creating unnecessary logs, please delete the file as soon as troubleshooting is completed, to make CA PAM Client return to normal operation stopping the very detailed logging.