This article provides an overview of the Beyond Identity Platform Authenticator log collecting.
Windows
On Windows, these logs can be found in the AppData section of the file system. Specifically this location: %AppData%\BeyondIdentity\logs where %AppData% is C:\Users\<user name>\AppData\Local\Programs. Please note that if the User Profile configuration uses roaming profiles that the location of the log files will be in the roaming profile in Windows (this will be the default location that Windows Explorer takes you when going to the %AppData% address). Also note that if Hidden files and folders are not shown, the AppData won’t be visible from the Explorer display.
Sending the logs Beyond Identity support team can be done simply by zipping the logs folder and emailing it in a response to a ticket.
Windows Desktop Login
If you are using the Windows Desktop Login version of the Beyond Identity Authenticaticator, there are two additional logs to collect. The credProvider logs and the Desktop Login Service Logs.
Both of these WDL-specific logs can be found from %ProgramData%\BeyondIdentity\logs
The logs Beyond Identity support team can be sent simply by zipping the logs folder and emailing it in response to a ticket.
Windows Data Protection State Collection
- TPM information, including the SRK and EK public keys
- DPAPI provider registry values
- DPAPI master key files (the contents of %APPDATA%\Microsoft\Protect)
- Domain controller information
- Applications of interest
macOS - Collecting Logs by the PA
In Beyond Identity, there is a feature built into the authenticator that generates the last two weeks of log files.
Open the Beyond Identity application, then under the Help menu, click on Generate logs...
The logs will be produced in a finder window shortly after clicking the generate logs button. They can then be compressed and uploaded to support.
macOS - Collecting Logs with the log command
In macOS, the logs can also be collected in a terminal window by using the log command.
To dump all Beyond Identity PA logs into a macospa.log file:
log show --predicate 'subsystem CONTAINS "com.beyondidentity"' > macospa.log
To dump Beyond Identity PA logs from the last hour:
log show --predicate 'subsystem CONTAINS "com.beyondidentity"' -last 1h > macospa.log
For a real-time streaming of the logs to the terminal window, the following command can be used:
log stream --predicate 'subsystem CONTAINS "com.beyondidentity"'
Sys Diagnose
macOS
The sys diagnose creates a system-wide log, where it will capture full system diagnostics. This can be helpful in situations where 3rd party services could be involved.
They can do so by hitting the following keys on their keyboard.
shift + control + option + command + .
After about a minute or two, a finder window will open with the sysdiagnose file highlighted.
iOS
To trigger a sysdiagnose on iOS, perform the following steps:
-
Press VOL Up + Down + Power
-
Wait for 1s or 1.5s
-
release all buttons
You will feel a vibration. After a few minutes, go to Settings > Privacy > Analytics > Analytics Data; there be a log with sysdiagnose and the corresponding date.
Linux
On Linux, the log files can be found in:
~/.beyond-identity/logs
Logging information is collected by date so in general, you only need to send the latest log file to the support team.
Comments
0 comments
Please sign in to leave a comment.