Workspace ONE UEM supports access logs and syslog integration for the Proxy and Per-App Tunnel components of VMware Tunnel. Workspace ONE UEM supports access logs and syslog integration for the VMware Tunnel Proxy (Legacy MAG) component. Access logs are generated in the standard HTTP Apache logs format and directly transferred to the syslog host you defined. They are not stored locally on the VMware Tunnel server.

In relay-endpoint deployments, the relay server writes the access logs, in a cascade deployment, the back-end server writes the access logs and in a basic deployment, the basic server writes the access logs.

For instructions on enabling access log and syslog integration, see Configure Advanced Settings.


You must enable access logs before you install any of the components. Any changes you make to the access logs configuration on the Workspace ONE UEM console require reinstallation of the VMware Tunnel server.

Using a Linux Server to Act as a Syslog Host

Most Linux servers by default have support for syslog. To enable a Linux server to act as syslog host, navigate to rsyslog.conf:

vi /etc/rsyslog.conf

Uncomment the features under UDP syslog reception:

# Provides UDP syslog reception
                  			$ModLoad imudp
                  		$UDPServerRun 514

To view the logs, enter the following command:

tail –f /var/log/messages | grep <rsyslog_dent>

Make sure UDP port 514 is open routing to the syslog server:

-A INPUT –p udp –m udp –dport 514 –j ACCEPT

KKDCP Access Logs

The path for KKDCP logs for VMware Tunnel for Linux is:  /var/log/vmware/proxy/proxy.log.

The path for KKDCP logs for VMware Tunnel Proxy for Windows is:  \AirWatch\Logs\MobileAccessGateway

To make sure the AirWatch KKDCP server is up and running, access the following URL in your browser from the server where KKDCP is installed: http://localhost:2040/kerberosproxy/status

If the proxy server is working as expected then the browser returns the following response: