Missing User Login Details in Validation Server Logs during Business Continuity

Article ID: 434458


Products

VIP Service

Issue/Introduction

When a VIP Enterprise Gateway (EG) Validation Server enters Automatic Business Continuity (ABC) or manual Business Continuity (BC) mode, user login information is not recorded in the server logs even if the log level is set to INFO.

Specifically:

  • The logs record that logins were successfully completed.
  • The logs do not capture the individual usernames performing the login.
  • This behavior occurs immediately after Business Continuity is enabled for the validation servers.
  • In non-BC mode, user details are captured at the INFO log level.

Environment

Symantec VIP Enterprise Gateway version 9.11.x

Cause

When Business Continuity mode is active, the Validation Server follows a specific "fail-open" code path to ensure authentication availability despite a loss of cloud connectivity. In the current implementation of this code path, the logic to extract and print the authenticated username to the local logs is absent. The system prioritizes rapid 1st-factor LDAP lookups and 2nd-factor acceptance (ACCEPT-ACCEPT) over detailed auditing in this emergency mode.

Resolution

This is a known limitation in the logging behavior during Business Continuity mode. An Engineering request has been submitted to include user identification in the validation server logs for future releases of VIP Enterprise Gateway.

Workaround

There is no configuration change currently available to force username logging while in Business Continuity mode. To maintain full auditing capabilities:

  1. Monitor Connectivity: Ensure robust connectivity to the VIP Cloud (https://userservices-auth.vip.symantec.com) to minimize the time that validation servers spend in ABC mode.
  2. Verify Status: Monitor the VIP Health Check service status to ensure servers return to normal mode (where usernames are logged) as soon as connectivity is restored.
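
An added example, not part of the original article or of Symantec's tooling: a Python probe of the VIP Cloud host that turns probe results into candidate windows in which logins may have been logged without usernames, so they can be reconciled against LDAP or directory logs. The TLS-handshake reachability test and the `min_failures` threshold are assumptions, since the article does not state when ABC mode engages; confirm each window against the VIP Health Check status.

```python
import socket
import ssl
from datetime import datetime, timedelta

# Host taken from the URL in the article.
VIP_CLOUD_HOST = "userservices-auth.vip.symantec.com"


def probe(host=VIP_CLOUD_HOST, port=443, timeout=5.0):
    """Return True if a verified TLS handshake completes (assumed reachability test)."""
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # DNS failure, timeout, refusal, TLS or certificate error
        return False


def outage_windows(samples, min_failures=3):
    """Return (start, end) pairs for runs of >= min_failures failed probes.

    samples: (timestamp, reachable) tuples in time order.
    min_failures: hypothetical threshold, not a documented ABC trigger.
    end is the first successful probe after the run, or None if still down.
    """
    windows, start, run = [], None, 0
    for ts, ok in samples:
        if not ok:
            if run == 0:
                start = ts
            run += 1
            continue
        if run >= min_failures:
            windows.append((start, ts))
        start, run = None, 0
    if run >= min_failures:
        windows.append((start, None))
    return windows


if __name__ == "__main__":
    # Constructed sample: one probe per minute, with a short blip and a long outage.
    t0 = datetime(2024, 1, 1, 12, 0)
    results = [True, False, True, False, False, False, False, True]
    samples = [(t0 + timedelta(minutes=i), ok) for i, ok in enumerate(results)]
    for start, end in outage_windows(samples):
        print(f"possible username-audit gap: {start} -> {end or 'ongoing'}")
    print("VIP Cloud reachable now:", probe())
```
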