Diagnostic logging must be enabled locally on the system where Defender is installed. If multiple systems are affected, it must be enabled on each system. Once logging is enabled, reproduce the issue and then submit all of the log files to Support for further review.
The default Program Files folder path is:
C:\Program Files\One Identity\Defender
In the 5.8.x version of Defender, the default Program Files folder path is:
C:\Program Files\Dell\Defender
You may have also chosen a custom folder path when the product was installed. Please keep this in mind and follow the instructions below, using the folder path that corresponds to your environment.
To enable diagnostic logging for Defender Security Server
Use Registry Editor to create the following value in the HKLM\SOFTWARE\WOW6432Node\PassGo Technologies\Defender\DSS Active Directory Edition registry key on 64-bit machines, or in the HKLM\SOFTWARE\PassGo Technologies\Defender\DSS Active Directory Edition registry key on 32-bit machines:
type: REG_DWORD
name: Diagnostics
data: 1
The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\radproxy-5.x.x.txt.
To disable diagnostic logging for Defender Security Server, delete the Diagnostics value from the DSS Active Directory Edition registry key, or set the value data to 0.
To enable diagnostic logging for Desktop Login
Use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\Defender GINA registry key:
type: REG_DWORD
name: Diagnostics
data: 1
The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\Defender Desktop Login.txt.
To disable diagnostic logging for Desktop Login, delete the Diagnostics value from the Defender GINA registry key, or set the value data to 0.
NOTE: Diagnostic logs will not be created in the following two scenarios unless the system is rebooted:
1. An RDP connection is used and Defender reuses the Microsoft user session.
2. Group Policies are configured to run startup logon scripts.
To enable diagnostic logging for the Management Portal
Go to the WWW folder in the Management Portal installation directory. The path to the folder is %ProgramFiles%\One Identity\Defender\Management Portal\WWW.
Make the following changes to the Web.config text file held in the WWW folder:
• In the <log4net debug="false"> entry, set the value to "true": <log4net debug="true">
• In the <level value="ERROR" /> entry, set the value to "DEBUG": <level value="DEBUG" />
The log file DefenderWeb.txt is written to the Logs folder in the Management Portal installation directory. The default path to the log file is %ProgramFiles%\One Identity\Defender\Management Portal\Logs\DefenderWeb.txt.
To disable diagnostic logging for Management Portal, set the following values in the Web.config file:
• <log4net debug="false">
• <level value="ERROR" />
To enable diagnostic logging for Administration Console
Use Registry Editor to create the following value in the HKLM\SOFTWARE\PassGo Technologies\Defender\Defender AD MMC registry key:
type: REG_DWORD
name: Diagnostics
data: 1
The path to the log file is %ProgramData%\One Identity\Defender\Diagnostics\defender_ade_mmc-5.x.x.txt.
To disable logging for Administration Console, delete the Diagnostics value from the Defender AD MMC registry key, or set the value data to 0.
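To check which components on a system currently have diagnostic logging switched on, for example to confirm it was disabled again after the logs were submitted, the settings above can be read back in one pass. The PowerShell below is an added example, not One Identity's code; it assumes the default installation folder for the Management Portal and a 64-bit PowerShell session.

```powershell
# Added example: read back the diagnostic logging settings named in this article.
# Run from a 64-bit PowerShell session; a 32-bit session on 64-bit Windows is
# redirected to WOW6432Node and would read the wrong keys.
$base = 'HKLM:\SOFTWARE\PassGo Technologies\Defender'
$wow  = 'HKLM:\SOFTWARE\WOW6432Node\PassGo Technologies\Defender'
$keys = [ordered]@{
    'Defender Security Server (64-bit)' = "$wow\DSS Active Directory Edition"
    'Defender Security Server (32-bit)' = "$base\DSS Active Directory Edition"
    'Desktop Login'                     = "$base\Defender GINA"
    'Administration Console'            = "$base\Defender AD MMC"
}

$report = @(foreach ($name in $keys.Keys) {
    $key = $keys[$name]
    if (-not (Test-Path -LiteralPath $key)) { continue }   # component not present
    $prop  = Get-ItemProperty -LiteralPath $key -Name Diagnostics -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.Diagnostics } else { $null }
    [pscustomobject]@{
        Component = $name
        Setting   = if ($null -eq $value) { 'Diagnostics value absent' } else { "Diagnostics = $value" }
        Enabled   = ($value -eq 1)   # the article enables with 1; 0 or absent is disabled
    }
})

# Assumption: default installation folder; change $portalRoot for a custom path.
$portalRoot = Join-Path $env:ProgramFiles 'One Identity\Defender\Management Portal'
$webConfig  = Join-Path $portalRoot 'WWW\Web.config'
if (Test-Path -LiteralPath $webConfig) {
    $xml     = [xml](Get-Content -LiteralPath $webConfig -Raw)
    # local-name() keeps the lookup working if the file declares a default namespace.
    $log4net = $xml.SelectSingleNode("//*[local-name()='log4net']")
    $debug   = ''
    $levels  = @()
    if ($log4net) {
        $debug  = $log4net.GetAttribute('debug')
        $levels = @($log4net.SelectNodes(".//*[local-name()='level']") |
                    ForEach-Object { $_.GetAttribute('value') })
    }
    $report += [pscustomobject]@{
        Component = 'Management Portal'
        Setting   = "log4net debug=$debug; level=$($levels -join ',')"
        Enabled   = ($debug -eq 'true') -or ($levels -contains 'DEBUG')
    }
}

$report | Format-Table -AutoSize
```

Components whose registry key or Web.config file is not found are left out of the table, so an empty result means none of these Defender components were detected at the default locations.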
Instructions for enabling debug logging on additional Defender components can be found in "Appendix A: Enabling diagnostic logging" in the Defender Administrator Guide.