Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 5.9.0 - Administration Guide

Preface Introduction The concepts of SPS The Welcome Wizard and the first login Basic settings User management and access control Managing SPS
Controlling SPS: reboot, shutdown Managing Safeguard for Privileged Sessions clusters Managing a high availability SPS cluster Upgrading SPS Managing the SPS license Accessing the SPS console Sealed mode Out-of-band management of SPS Managing the certificates used on SPS
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search (classic) interface Using the Search interface Searching session data on a central node in a cluster Advanced authentication and authorization techniques Reports The SPS RPC API The SPS REST API SPS scenarios Troubleshooting SPS Configuring external devices Using SCP with agent-forwarding Security checklist for configuring SPS Jumplists for in-product help Third-party contributions About us

Support bundle

To track down support requests, the One Identity Support Team might request you to collect system-state and debugging information. This information is collected automatically, and contains log files, the anonymized excerpt of the configuration export file of SPS, and various system-statistics. To generate a support bundle, navigate to Basic Settings > Troubleshooting > Create support bundle.

The exported file is a zip-compressed archive.

The name of the exported file is debug_info-<hostname>YYYYMMDDHHMM. Sensitive data like key files and passwords are automatically removed from the configuration files.

For details on how to create a support bundle, see: Collecting logs and system information for error reporting.

The support bundle is used for:
  • Collecting a snapshot of the past week's system-state information for the One Identity Support Team for troubleshooting and debugging purposes.

  • Collecting information about a specific error by generating data for a defined time interval where the event that causes the error is reproduced. This is also used by the One Identity Support Team for troubleshooting and debugging purposes.

The support bundle contains the following:
  • Debug logs, Connection logs and OS logs of the past week, one file per day. If there are too many events in a day, the log file in the support bundle only contains a truncated version of the connection logs. In this case, the complete log file is only accessible at /var/log/messages-<day>.

  • An excerpt of the configuration export file:

    • The anonymized version of the configuration XML file

    • Plugins

  • System-state information (for example, version details, statistics, memory usage, system warnings, and so on).

  • List of core files. This list might indicate previous system crashes.

  • RAID controller information.

  • Upgrade logs

  • Dashboard data

Debug logs

To increase the log level of the non-connection-related events, for example, to add the commands executed by the SPS web interface to the logs, enable debug level logging at Basic Settings > Management > Verbose system logs > Enable.

These logs are accessible at /var/log/scb-<day>.

The debug logs are used for:
  • Our Support Team uses this to investigate the reasons behind a web user interface-related issue.

The debug logs contain the following:
  • Logs generated by the SPS web interface.

  • System daemon logs.

  • Logs of periodic cron jobs.

Connection logs

The connection logs contain all connection-related information of the past week, one file per day. A file contains all logs for all connections for a single day.

The logging level of SPS can be set separately for every protocol. To change the verbosity level of SPS, navigate to <Protocol name> Control > Global Options.

These logs are accessible at /var/log/zorp-<protocol-name>-<day>.


The verbosity level ranges from 1 (no logging) to 10 (extremely detailed), with level 4 being the default normal level. To debug complex problems, you might have to increase the verbosity level to 6. Higher level is needed only in extreme cases.


High verbosity levels generate very large amount of log messages and might result in a very high load on the machine.

Around log levels 9-10, the logs can contain highly sensitive data, for example, passwords in plain text format.

The connection logs are used for:
  • Our Support Team uses this to investigate the reasons behind a failed connection.

The connection logs contain the following:
  • Connection success/failure events

  • Other connection-related events

Core dump files

SPS automatically generates core dump files if an important software component (for example, Zorp) of the system crashes for some reason. These core dump files can be of great help to the One Identity Support Team to identify problems. When a core dump file is generated, the SPS administrator receives an alerting e-mail, and an SNMP trap is generated if alerting is properly configured (for details, see Configuring system monitoring on SPS and System logging, SNMP and e-mail alerts).

To list and download the generated core dump files, navigate to Basic Settings > Troubleshooting > Core files.

For details on core dump files, see: Gathering data about system problems.

The core dump files are used for:
  • The One Identity Support Team uses this to investigate the reasons behind a system crash.

The core dump files contain the following:
  • The recorded state of the working memory of a computer program at a specific time, generally when the program has crashed or otherwise terminated abnormally.

Related Documents