Symantec Privileged Access Management

  • Private Community
 View Only

 Regarding Tomcat logs

Jump to Best Answer
MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted Aug 01, 2022 01:57 AM
Dear All.

The customer was able to set up the "Active Directory Connector" in the target application,
but the password has shifted for some members.
However, some members are experiencing password shifting.

Should we set the Tomcat log level to the highest to investigate the cause?
Ralf Prigl's profile image
Broadcom Employee Ralf Prigl posted Aug 01, 2022 11:19 PM Best Answer
Hello, No, the log setting is very important, either for your own investigation, or for PAM Support, if you need assistance. As mentioned in the first update, make sure to set the tomcat log level to Info and then reproduce whatever problem you have. It can take up to 30 seconds for the log level change to take effect and you should wait at least that long after setting a new level.
Ralf Prigl's profile image
Broadcom Employee Ralf Prigl posted Aug 01, 2022 10:39 AM
Hello, The tomcat log level should be Info. To understand logs when you try to update an Active Directory target account, you should be aware of PAM's update logic, explained e.g. in KB 129646. To check when PAM tried to update a target account password, you can view the Account Passwords Update Attempts report from the Credentials > Reports > Run page.
MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted Aug 01, 2022 09:11 PM
Dear Ralf-san,
Thank you for your advise.

> Hello, The tomcat log level should be Info.

Am I correct in assuming that Tomcat's log level setting is irrelevant for investigating this issue?

Best Regards,