Skip to main content

Collecting Local Logs from an Endpoint

Matti Ketonen
  • Updated

 

This article provides an overview of the Beyond Identity Platform Authenticator log collecting.

Windows

On Windows, these logs can be found in the AppData section of the file system. Specifically, this location: %AppData%\BeyondIdentity\logs where %AppData% is C:\Users\<user name>\AppData\Local\Programs. Please note that if the User Profile configuration uses roaming profiles the location of the log files will be in the roaming profile in Windows (this will be the default location that Windows Explorer takes you when going to the %AppData% address). Also, note that if Hidden files and folders are not shown, the AppData won’t be visible from the Explorer display.

Sending the logs Beyond Identity support team can be done simply by zipping the logs folder and emailing it in response to a ticket.

 

Windows Desktop Login

If you are using the Windows Desktop Login version of the Beyond Identity Authenticaticator, there are two additional logs to collect. The credProvider logs and the Desktop Login Service Logs.

Both of these WDL-specific logs can be found from %ProgramData%\BeyondIdentity\logs

The logs Beyond Identity support team can be sent simply by zipping the logs folder and emailing it in response to a ticket.

 

Windows Data Protection State Collection

CollectDPState.ps1 is a PowerShell script that collects and archives the data protection (DP) state of a Windows computer. It is intended to be run before and after reproducing an issue where a loss of protected data has occurred (e.g., the loss of Beyond Identity keys after a password reset).
 
Running the script will produce a timestamped zip archive of the collected data in the same directory as the script. The user should send the archive to Beyond Identity for analysis.
 
Data collected:
 
- Basic computer and operating system information
- TPM information, including the SRK and EK public keys
- DPAPI provider registry values
- DPAPI master key files (the contents of %APPDATA%\Microsoft\Protect)
- Domain controller information
- Applications of interest
 

macOS

In Beyond Identity version 2.66.0 there is a feature built into the authenticator that sends a feedback with the possibility to include the log files. Clicking on the the Beyond Identity Authneticator icon and selecting "Send feedback" will open the "Send feedback" window. Here you can add your comments, name, and email address.
To include your local logs also, please check the box where it says "Include Beyond Identity logs". If you are on an older version, update, and then you can utilize this feature retroactively.
Screenshot_2022-10-13_at_13.33.32.png

Once you added your comments and details, click on the "Submit feedback" button in the bottom right corner of the window. Once the feedback is submitted, we will receive your comments, details and logs (if marked previously).

Sys Diagnose

macOS

The sys diagnose creates a system-wide log, where it will capture full system diagnostics. This can be helpful in situations where 3rd party services could be involved.

They can do so by hitting the following keys on their keyboard.

shift + control + option + command + .

 
                                 0FLmr.jpg



After about a minute or two, a finder window will open with the sysdiagnose file highlighted.

iOS

To trigger a sysdiagnose on iOS, perform the following steps:

  1. Press VOL Up + Down + Power

  2. Wait for 1s or 1.5s

  3. release all buttons

You will feel a vibration. After a few minutes, go to Settings > Privacy > Analytics > Analytics Data; there be a log with sysdiagnose and the corresponding date.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk