Web Security Service (WSS).
Auth Connector debug logs are required to troubleshoot specific situations. An example would be a scenario such as "Unauthenticated User" shown in reports.
The Auth Connector logs (BCCA logs) are a record of the agent's activity. This information is valuable for finding the root cause of a problem that is related to authentication or connectivity between the Auth Connector and the WSS.
These logs are important for the detailed insight they contain on the inner workings of BCCA. Alternatively, you can configure the reporting of live debug events to have a preliminary view of authentication and debug events. However, these are not as complete, and quickly populate your Event Viewer log. Only use live debug for live troubleshooting sessions.
ACLogon not connecting.
Live debugging guide:
Now that we have enabled the live debug, we can go to the event viewer to check for useful events.
Under Windows Logs > Security, we may find logon events such as the one displayed here. The subject is our BCCA user name (such as CONTOSO\srv.bluecoat). And the new logon is our user authenticating (such as CONTOSO\pam.receptionist).
You may choose to search for a particular user name and see if the logon was captured under the service's user name. Searching for CONTOSO\ladmin would yield us a record very similar to this one.
Events such as these will be visible at Windows logs > Application, you can use the event viewer to diagnose them as you go.
These logs are no substitute for the real debug logs. They are helpful if you are working on a WebEx or have limited time to work on a server.