You can enable the eduroam log viewer to review the authentication and RADIUS server logs for your IdP or RP. The most common use for the log viewer is to see errors when first setting up a new IdP or RP server. It is also useful when troubleshooting a user's inability to connect to eduroam. The eduroam log viewer is powered by Grafana. If you would like to know more, visit https://grafana.com/docs/grafana/latest/panels/.

Once inside the log viewer, by default, everyone will land at a dashboard that shows two panels, an Authentication Logs table and a RADIUS logs panel. We have enabled Grafana Explorer Mode for more extensive log searching as well.

Viewing your Logs

  1. Log into the eduroam Federation Manager portal: https://service1.internet2.edu/Shibboleth.sso/IAM_Login

  2. Select your organization from the picker, if you have more than one.

    eduroam Support Organization Admins will need to first, click into one of their constituent organizations before seeing the 'log viewer' button.
  3. Click the button labeled Log Viewer in the header of your eduroam Federation Manager portal. Your log viewer dashboard by default has two panels:


Authentication Log, which can show if your IdP and/or RP servers are a authenticating to eduroam US correctly

Authentication log



RADIUS server log, which can be used to troubleshoot a user who is unable to log in


RADIUS server logs

Searching

When dealing with end-user support cases, it can be useful to search the logs for entries matching a specific user or realm.

Finding completed authentication requests involving a specific realm can be done in the main dashboard, using the filter functionality of the Authentication Log table.  Click on the filtering icon next to any column name, and a dialog box will appear where you can search for entries corresponding to a specific value.  The “VISINTID” column corresponds to the Service Provider (SP) realm, while the “NEXTHOP” column will correspond to the Identity Provider (IdP) realm of a US institution (or an upstream server for Non-US IdPs).  Type the first few letters of the desired realm, and choose from the list.

If a request does not result in a successful or failed authentication attempt (due to a bad secret, or other processing error), it will not appear in the Authentication Log.  There should, however, be an entry explaining why it was rejected in the RADIUS Server logs.  

To search the RADIUS Server Logs, go to the Explore view by clicking on the compass icon on the left side toolbar.  Once in the Explore view, you can search for any string in the RADIUS Server Logs by typing a query of the following form, and hitting the refresh icon:

{record_type=”stdout”} |= “<search-string>”

It is also possible to search the Authentication logs with the following query:

{record_type=”fticks”} != “<search-string>”

Query functionality can be used for many other purposes, as described in the Grafana documentation.

Changing Your Organization Context

Each eduroam Dashboard contains the logs for a single Organization but may contain multiple realms.

If you are an eduroam Admin for more than one organization, you will be able to switch your Organization context from right within Grafana.

You can switch by clicking your avatar in the lower left-hand corner and choose 'Switch organization'. This will show a list of Organizations for which you are an eduroam Admin and give you an option to choose a different Organization and switch contexts.