Download the UAG-log-archive.zip file from the Support Settings section in the Admin UI. This ZIP file contains all logs from your Unified Access Gateway appliance.

Set the Logging Level

You can configure log levels for the entire Unified Access Gateway appliance or only for specific Unified Access Gateway components such as the Horizon edge service (and sub-components), admin UI, and Web Reverse Proxy. The log levels that can be generated are ERROR, WARN, INFO, DEBUG, and TRACE.

A description of the type of information that the log levels collect follows.
Table 1. Logging Levels
Level Type of Information Collected
INFO The INFO level designates information messages that highlight the progress of the service.
ERROR The ERROR level designates error events that might still allow the service to continue running.
WARNING The WARNING level designates potentially harmful situations but are usually recoverable or can be ignored.
DEBUG Designates events that might generally be useful to debug problems, to view or manipulate the internal state of the appliance, and to test the deployment scenario in your environment.
TRACE Indicates information such as collection of Unified Access Gateway statistics, details of requests sent from Unified Access Gateway to backend servers and so on.
To configure these log level settings, see Configure Log Level Settings in Unified Access Gateway.

Collect Logs

Download the log ZIP files from the Support Settings section of the admin UI.

These log files are collected from the /opt/vmware/gateway/logs directory on the appliance.

The following tables contain descriptions of the various files included in the ZIP file.

Table 2. Files That Contain System Information to Aid in Troubleshooting
Filename Description Linux Command (if applicable)
version.info Contains the versions of the OS, Kernel, GCC, and the Unified Access Gateway appliance.
ipv4-forwardrules IPv4 forwarding rules configured on the appliance.
df.log Contains information about disk space usage on the appliance. df -a -h --total
netstat.log Contains information on open ports and existing TCP connections. netstat -anop
netstat-s.log Network stats (bytes sent/received etc) from the time of creation of the appliance. netstat -s
netstat-r.log Static routes created on the appliance. netstat -r
uag_config.json, uag_config.ini, uagstats.json Entire configuration of the Unified Access Gateway appliance, showing all the settings as a json and an INI file.
ps.log Includes processes running at the time of downloading logs. ps -elf --width 300
ifconfig.log Network interface configuration for the appliance. ifconfig -a
free.log RAM availability at the time of downloading logs. free
top.log Sorted list of processes by memory usage at the time of downloading logs. top -b -o %MEM -n 1
iptables.log IP tables for IPv4. iptables-save
ip6tables.log IP tables for IPv6. ip6tables-save
w.log Information about uptime, the users currently on the machine, and their processes. w
systemctl.log List of services currently running on the appliance systemctl
resolv.conf For connecting local clients directly to all the known DNS servers
hastats.csv Contains stats per node and total stats information for each back-end type (Edge Service Manager, VMware Tunnel, Content Gateway)
system_logs_archive Directory contains the following log files: cpu.info, mem.info, sysctl.log, and journalctl_archive.
cpu.info Contains CPU information of the virtual machine collected from /proc/cpuinfo.
mem.info Contains information about the virtual machine memory such as total memory available, free memory available, and so on collected from /proc/meminfo.
sysctl.log Contains information about all the kernel parameters of the virtual machine. sysctl -a
journalctl_archive Files contain journalctl log information that spans over 7 days until the time at which the archive is downloaded.

For example, if an admin downloads the Logs Archive from the Unified Access Gateway Admin UI at 9 A.M. today then the archive contains information for the past 7 days including until 9 A.M.

If the size of the logs collected is less than or equal to 25 MB, then only a single file, journalctl.log, is generated. If the size of the logs collected is more than 25 MB, then the journalctl_archive folder is created with multiple journalctl.log

files.
journalctl -x --since '1 week ago'
journald.conf Contains configuration information for the journalctl logs.
system-logs-collection-status.log Contains information that indicates whether the following log files are successfully collected: cpu.info, mem.info, sysctl.log, and journalctl_archive.
hosts Contains the /etc/hosts entries.
firstboot Contains information that is generated when the Unified Access Gateway is booted for the first time.
subsequentboot Contains information that is generated during subsequent reboots of Unified Access Gateway.
trustedCertificatesStore.log Contains information about the certificate processing status when a trusted certificate is uploaded on Unified Access Gateway.
vami-ovf.log Contains configuration-related information such as OVF properties, network, and so on of the Unified Access Gateway appliance during deployment.
admin-api.log Contains information of the invoked Admin REST API endpoints, request and response payloads (if applicable), and the response status.
Table 3. Log Files for Unified Access Gateway
Filename Description
supervisord.log Supervisor (manager for the Edge service manager, admin, CAS, and EAS) log.
esmanager.log One or more Edge service manager logs, showing back-end processes performed on the appliance.
audit.log Audit log for all admin user operations.
admin.log Admin GUI logs. Contains log messages from admin process that exposes the REST APIs on port 9443.
eas-service.log Contains log messages from the EAS process, which handles Radius and RSA SecurID authentication.
eas-vertx-access.log Contains information about the API requests on the enterprise services.
certauth-service.log Contains log messages from the CAS process, which handles certificate authentication.
certauth-vertx-access.log Contains log messages of all the HTTP calls to CAS.
bsg.log Contains log messages from the Blast Secure Gateway.
SecurityGateway_xxx.log Contains log messages from the PCoIP Secure Gateway.
utserver.log Contains log messages from the UDP Tunnel Server.
activeSessions.csv List of active Horizon or WRP sessions.
haproxy.conf Contains HA proxy configuration parameters for TLS port sharing.
vami.log Contains log messages from running vami commands to set network interfaces during deployment.
content-gateway.log, content-gateway-wrapper.log, 0.content-gateway-YYYY-mm.dd.log.zip Contains log messages from Content Gateway.
admin-zookeeper.log, esmanager-zookeeper.log Contains log messages related to the data layer that is used to store the Unified Access Gateway configuration.
package-updates.log Contains log messages about the status of package updates (OS and Unified Access Gateway) applied to a Unified Access Gateway version, which has already been released and deployed in your environment.
tunnel.log Contains log messages from the Horizon Tunnel process that is used as part of the XML API processing. You must have Tunnel enabled in the Horizon settings to see this log.
tunnel_snap.log Contains information that indicates whether the VMware Tunnel server and proxy logs are collected successfully.
tunnel-gateway-stats.log Contains information about VMware Tunnel server stats.
tunnel-snap.tar.gz Tarball containing VMware Tunnel server and proxy logs.
appliance-agent.log Appliance agent (for starting up Workspace ONE UEM services) logs.
Files and logs in content-gateway folder
config.yml Contains Content Gateway configuration and log level details.
smb.conf Contains SMB client configuration.
smb-connector.conf Contain SMB protocol and log level details.

The log files that end in "-std-out.log" contain the information written to stdout of various processes and are usually empty files.

Table 4. Log Rotation Information for Unified Access Gateway Log Files
Log filename Location Property
admin-zookeeper.log /opt/vmware/gateway/conf/log4j2-admin.xml

size 10MB

rotate 5

admin.log

size 10MB

rotate 5

admin-api.log

size 2MB

rotate 5

audit.log

size 10MB

rotate 5

eas-service.log /opt/vmware/gateway/data/eas/conf/log4j2-override.xml

size 10MB

rotate 10

eas-vertx-access.log

certauth-service.log /opt/vmware/gateway/conf/log4j2-cas.xml size 25MB

rotate 5

certauth-vertx-access.log size 10MB

rotate 5

bsg.log /opt/vmware/gateway/lib/bsg/absg.properties

size 8MB

rotate 5

esmanager.log /opt/vmware/gateway/conf/log4j2-esmanager.xml

size 25MB

rotate 10

tunnel.log /opt/vmware/gateway/conf/log4j2-tunnel.xml

size 25MB

rotate 5
Files present at /var/log/journal /etc/systemd/journald.conf size 1GB
keepalived.log /etc/logrotate.d/keepalived

size 5MB

rotate 5

haproxy.log /etc/logrotate.d/haproxy

size 25MB

rotate 5

/var/log/auth.log /etc/logrotate.d/auth

size 10MB

rotate 10

/var/log/audit/audit.log /etc/logrotate.d/audit
Note: /var/log/audit/audit.log contains events of the Linux auditing service ( auditd).

size 10MB

rotate 10

/var/log/messages

/var/log/cron

/var/log/messages-kv.log
/etc/logrotate.d/messages_and_cron

size 50MB

rotate 10

maxage 30

admin-api.log /opt/vmware/gateway/conf/log4j2-admin.xml

size 2MB

rotate 5

Note: The rolled over files are compressed for esmanager, admin, EAS, CAS, esmanager-std-out, and tunnel logs.