Symantec Privileged Access Management

 MySQL connection error messages

MARUBUN SUPPORT posted May 29, 2025 05:38 AM

Hi Team,

The following MySQL connection error message was output to /var/log/messages.
Are such logs forwarded to the CAPAM log server by default?
If so, could you please tell me where on the CAPAM log server they are stored?

Feb xx xx:xx:xx tcpgcaom002 GroupReplicationManager[436524]: mysql_real_connect failed, errorNum = 2003, errMsg = "Can't connect to MySQL server on [IP Address] (111)", host=[IP Address], user=pam, password=********, db=uag
Feb xx xx:xx:xx tcpgcaom002 GroupReplicationManager[436524]: MySQL error querying group replication primary server [IP Address]: Can't connect to MySQL server on [IP Address](111)

Thanks,

Broadcom Employee Ralf Prigl

I don't understand what you mean by "CAPAM log server". If your question is whether PAM will forward all messages that go into the /var/log/messages file on the PAM appliance to the configured syslog server, the answer is NO.

MARUBUN SUPPORT

Just to be sure, I understand that logs related to MySQL connection errors within CAPAM are not subject to forwarding to an external log server as syslog?

Broadcom Employee Ralf Prigl

Yes, that's correct. If this affects internal PAM processing, there may be no related error in the logs sent to the syslog server. If the error occurs in the context of PAM user activity, one would think that there is a message related to the user's activity that would get forwarded to the syslog server, or an error message is shown on the user's PAM client session.

MARUBUN SUPPORT

Thank you for your answer. 
I apologize for the additional question.

Do you know where the error will be stored and what type it is? 
Also, how are messages forwarded to an external server stored in a directory or file?

Broadcom Employee Ralf Prigl

Sorry, I thought we were discussing messages from /var/log/messages, which of course will be found in the /var/log/messages file on the PAM appliance. Why is there a question where they will be stored? And what does "type" mean in this context? These local log files will be included in the system log archive that you can download from the Configuration > Diagnostics > Diagnostic Logs > Download page when requested by PAM Support, and send to PAM Support for review.

PAM uses logstash to forward session log messages from the access side and metric and auditlog messages from the Credential Manager side. See documentation pages Configure a Remote Syslog Server and Syslog Message Formats.
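
Added example (not part of the thread and not Broadcom code): because the GroupReplicationManager messages stay in the local /var/log/messages file and are not sent to the syslog server, reviewing them means reading that file from the downloaded diagnostic log archive. The Python sketch below parses lines in the format quoted in the first post and counts connection failures per target; the sample lines, addresses and timestamps are constructed, and reading the trailing "(111)" as a Linux errno is an assumption about the appliance OS.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in this thread; timestamps and
# addresses (RFC 5737 documentation range) are made up.
SAMPLE = """\
Feb 12 03:14:07 tcpgcaom002 GroupReplicationManager[436524]: mysql_real_connect failed, errorNum = 2003, errMsg = "Can't connect to MySQL server on 192.0.2.10 (111)", host=192.0.2.10, user=pam, password=********, db=uag
Feb 12 03:14:07 tcpgcaom002 GroupReplicationManager[436524]: MySQL error querying group replication primary server 192.0.2.10: Can't connect to MySQL server on 192.0.2.10(111)
Feb 12 03:14:09 tcpgcaom002 sshd[1201]: Accepted publickey for admin from 192.0.2.50 port 50122 ssh2
Feb 12 03:15:07 tcpgcaom002 GroupReplicationManager[436524]: mysql_real_connect failed, errorNum = 2003, errMsg = "Can't connect to MySQL server on 192.0.2.11 (110)", host=192.0.2.11, user=pam, password=********, db=uag
"""

CONNECT_FAIL = re.compile(
    r'^(?P<ts>\w{3}\s+\S+\s+\S+)\s+(?P<node>\S+)\s+GroupReplicationManager\[\d+\]:\s+'
    r'mysql_real_connect failed, errorNum = (?P<errnum>\d+), '
    r'errMsg = "(?P<errmsg>[^"]*)", host=(?P<host>[^,]+),'
)
OS_ERRNO = re.compile(r'\((\d+)\)\s*$')  # trailing "(111)" in errMsg
# Assumption: the appliance is Linux, so these are Linux errno values.
ERRNO_HINT = {110: "connection timed out", 111: "connection refused",
              113: "no route to host"}

def connect_failures(lines):
    """Yield one record per mysql_real_connect failure line."""
    for line in lines:
        m = CONNECT_FAIL.match(line)
        if not m:
            continue  # the paired "MySQL error querying..." line is skipped
        os_err = OS_ERRNO.search(m["errmsg"])
        code = int(os_err.group(1)) if os_err else None
        yield {"time": m["ts"], "node": m["node"], "target": m["host"].strip(),
               "mysql_error": int(m["errnum"]), "os_errno": code,
               "hint": ERRNO_HINT.get(code, "unknown")}

def summarize(lines):
    """Count failures per (target host, OS errno)."""
    return Counter((f["target"], f["os_errno"]) for f in connect_failures(lines))

if __name__ == "__main__":
    for (target, code), n in summarize(SAMPLE.splitlines()).items():
        print(f"{target}: {n} failure(s), errno {code} ({ERRNO_HINT.get(code, 'unknown')})")
```

To run it against real data, pass the lines of the messages file extracted from the archive to `summarize()` instead of `SAMPLE.splitlines()`.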

MARUBUN SUPPORT

Sorry for the misunderstanding.

> If the error occurs in the context of PAM user activity, one would think that 
> there is a message related to the user's activity that would get forwarded to the syslog server, 
> or an error message is shown on the user's PAM client session.

In your response, you mentioned that there are cases where the data is sent to the syslog server 
and cases where the data is sent to the PAM client session, so how is the distinction made?

Thanks,

Broadcom Employee Ralf Prigl

Sorry, that's another question I don't understand. I was just making a general statement about situations where a user triggers a workflow from a PAM client and it doesn't work. You never provided any context for your questions here, they all seem to be purely academic and I don't think there is benefit for anyone in pursuing this exchange further.