Logging

SpyCloud Active Directory Guardian (ADG) generates several logs to assist with general operation and debugging purposes.

🛠️ Installation Log

• Created during installation
• Path: C:\ProgramData\SpyCloud\AD Guardian\7\Logs\installer.log.txt

📖 General Log

The General Log provides a history of ADG activity. Events recorded include:

• Scan report could not be saved to database
• Scan completion/failure email could not be sent
• User email notification failed
• User matched but groups could not be loaded (excluded from remediation)
• Scan report CSV could not be saved to disk
• Password reset failed
• User disable failed
• Okta password reset failed
• Scan canceled
• Scan completed
• Scan failed
• User could not be scanned (e.g., AD load error or API failure like NIST)
• Scan started
• Telemetry could not be sent to SpyCloud

👤 User Actions Log

Captures any user-related activity during remediation:

• Actions at the conclusion of a scan
• Actions applied manually from the Scan Results page

🐞 Debug & Extended Logging

• Logs stored at: C:\ProgramData\SpyCloud\AD Guardian\7\Logs
• Format: debug.YYYYMMDD.txt
• YYYY = year
• MM = month
• DD = day
• Multiple runs per day append to the same file

🔧 Extended Logging

If you encounter difficulties, you may be asked to enable Extended Logging.

• Enable via a checkbox under Advanced Settings in Manual Scan and Scheduled Scan configuration screens.
• Captures more granular details of ADG operations.

📋 Extended Logging Messages

Extended logging captures:

• When a user is scanned and whether they matched
• Scan completion/failure email could not be sent (missing required variables like To)
• Scan completion/failure email sent, but optional variables (e.g., Reply To) could not be substituted
• User email sent successfully
• User email failed (missing required fields like To)
• User email sent but optional fields (like Reply To) could not be substituted
• User password reset attempted