Privileged Session Manager Administration

Privileged Session Manager service

The PSM is installed on a Windows system as an automatic system service called CyberArk Privileged Session Manager.

It can be stopped and started through the standard Windows service management tools.

PSM activity logs

All activities monitored by PSM are written to a log file and stored in the Log subfolder of the PSM installation folder. These log files can be uploaded to the Vault for long term storage. The maximum size of the log file is specified in the PSM configuration.

Log files

 

Some PSM errors are only written in the event viewer.

The following log files contain the activities of the PSM:

Log

Description

PSMConsole.log

This file contains informational messages and errors that refer to PSM function. This log is meant for the system administrator who needs to monitor the status of the PSM.

<SessionID>.Recorder.log

This file contains errors and trace messages related to the PSM Recorder that can be used for troubleshooting. The types of messages that are included depend on the debug levels that are specified in the Recorder settings of the PSM configuration.

<SessionID>.<connection component>.log

This file contains errors and trace messages related to the connection component that can be used for troubleshooting. The types of messages that are included depend on the debug levels that are specified in the Connection Client settings of the PSM configuration.

PSMConnectorsDeployment.log

This file contains errors and trace messages related to the shared universal connector deployment on multiple PSM servers that can be used for troubleshooting.

History log files

New log files are created when they reach the size specified in the LogRotationSize parameter in the PSM Server settings parameters. When log files reach the specified size in MB, they are timestamped and moved to the \old subfolder of the folder where they are created, and a new log file is created.

Log

Description

PSM Server log files

These log files are created in the PSM\Logs folder and are moved to the PSM\Logs\old subfolder.

PSM Recorder and Connection client

These log files are created in the PSM\Logs\Components folder and are moved to the PSM\Logs\Components\old subfolder.

The file is marked with a time stamp and renamed as follows:
<filename> (<date>-<time>)

For example, log files that were created in the PSM\Logs folder on February 10th, 2009, at 11.30am, are renamed as follows:

  • PSMTrace.log are renamed to PSMTrace.log.2009-02-10__11-30-00

  • PSMConsole.log are renamed to PSMConsole.log.2009-02-10__11-30-00

After they have been renamed, they are moved to the PSM\Logs\old folder.

These old log files are automatically deleted after the number of days specified in the PurgeLogsThreshold parameter in the PSM Server setting parameters. If the parameter is set to zero, the logs are not automatically deleted.

Recording PSM activities in the event viewer

To enable standard monitoring tools to monitor the PSM by, errors are always written in the PSM machine Event Log in addition to the above log files.

To identify PSM components that performed activities, the CyberArk PSM prefix is added to messages in the Event log: