Symantec Privileged Access Management

View Only

MySQL connection error messages

MARUBUN SUPPORT posted May 29, 2025 05:38 AM

Hi Team,

The following MySQL connection error message was output to /var/log/messages.
Are such logs forwarded to the CAPAM log server by default?
If so, could you please tell me where on the CAPAM log server they are stored?

Feb xx xx:xx:xx tcpgcaom002 GroupReplicationManager[436524]: mysql_real_connect failed, errorNum = 2003, errMsg = "Can't connect to MySQL server on [IP Address] (111)", host=[IP Address], user=pam, password=********, db=uag
Feb xx xx:xx:xx tcpgcaom002 GroupReplicationManager[436524]: MySQL error querying group replication primary server [IP Address]: Can't connect to MySQL server on [IP Address](111)

Thanks,

Broadcom Employee Ralf Prigl posted May 29, 2025 12:56 PM

I don't understand what you mean with "CAPAM log server". If your question is whether PAM will forward all messages that go into the /var/log/messages file on the PAM appliance to the configured syslog server, the answer is NO.

MARUBUN SUPPORT posted Jun 10, 2025 05:16 AM

Just to be sure, I understand that logs related to MySQL connection errors within CAPAM are not subject to forwarding to an external log server as syslog?

Broadcom Employee Ralf Prigl posted Jun 10, 2025 05:07 PM

Yes, that's correct. If this affects internal PAM processing, there may be no related error in the logs sent to the syslog server. If the error occurs in the context of PAM user activity, one would think that there is a message related to the user's activity that would get forwarded to the syslog server, or an error message is shown on the user's PAM client session.

MARUBUN SUPPORT posted Jun 11, 2025 05:38 AM

Thank you for your answer.
I apologize for the additional question.

Do you know where the error will be stored and what type it is?
Also, how are messages forwarded to an external server stored in a directory or file?

Broadcom Employee Ralf Prigl posted Jun 11, 2025 05:25 PM

Sorry, I thought we were discussing messages from /var/log/messages, which of course will be found in the /var/log/messages file on the PAM appliance. Why is there a question where they will be stored? And what does "type" mean in this context? These local log files will be included in the system log archive that you can download from the Configuration > Diagnostics > Diagnostic Logs > Download page when requested by PAM Support, and send to PAM Support for review.

PAM uses logstash to forward session log messages from the access side and metric and auditlog messages from the Credential Manager side. See documentation pages Configure a Remote Syslog Server and Syslog Message Formats.

MARUBUN SUPPORT posted Jun 12, 2025 04:13 AM

Sorry for the misunderstanding.

> If the error occurs in the context of PAM user activity, one would think that
> there is a message related to the user's activity that would get forwarded to the syslog server,
> or an error message is shown on the user's PAM client session.

In your response, you mentioned that there are cases where the data is sent to the syslog server
and cases where the data is sent to the PAM client session, so how is the distinction made?

Thanks,

Broadcom Employee Ralf Prigl posted Jun 12, 2025 03:08 PM

Sorry, that's another question I don't understand. I was just making a general statement about situations where a user triggers a workflow from a PAM client and it doesn't work. You never provided any context for your questions here, they all seem to be purely academic and I don't think there is benefit for anyone in pursuing this exchange further.