Logging

The SSO Agent sends log event messages to the Windows Event Log based on administrator-selected logging levels.

The network security appliance also logs SSO Agent-specific events in its event log:

The Notes field of log messages specific to the SSO Agent contain the text <domain/user-name>, authentication by SSO Agent. For more information about log messages, see SonicOS 7 Users.

User login denied - not allowed by policy rule	User has been identified but does not belong to any user groups allowed by the policy blocking the user’s traffic.
User login denied - not found locally	User has not been found locally and Allow only users listed locally is selected in the network security appliance.
User login denied - SSO Agent agent timeout	Attempts to contact the SSO Agent have timed out.
User login denied - SSO Agent configuration error	SSO Agent is not properly configured to allow access for this user.
User login denied - SSO Agent communication problem	Problem communicating with the workstation running the SSO Agent.
User login denied - SSO Agent agent name resolution failed	SSO Agent is unable to resolve the user name.
SSO Agent returned user name too long	User name is too long.
SSO Agent returned domain name too long	Domain name is too long.