How to Retrieve Okta Agent Logs for Troubleshooting
Administration
Okta Classic Engine
Directories
Okta Identity Engine
Overview

This article describes how to retrieve Okta Agent Logs for troubleshooting the AD Agent, LDAP Agent, and RADIUS Agent.

Applies To
  • AD Agent
  • LDAP Agent
  • IWA Agent
  • RADIUS Agent
Solution

AD Agent

The following video shows how to enable verbose logging on the Okta AD Agent.
 

 

Log Retrieval

  1. On the system running the affected AD Agent, navigate to the Logs directory in the AD Agent install directory.

    • By default, this is C:\Program Files (x86)\Okta\Okta AD Agent\logs.

  2. The most recent log file is named Agent.log. Older log files will have a number appended to the filename (for example, Agent-1.log), with each successive number representing an older log file.
  3. The log files are limited to 5 MB in size and are continually updated with new information. The files "roll over" each time the current Agent.log reaches that size limit.
  4. The "InstallUtil.log" file provides information related to both installations and updates.
  5. The "Service.log" file details when the OktaADAgent Windows service stops and starts.

 

Enabling Verbose Logging

  1. On the system running the affected AD Agent, navigate to the AD Agent install directory. By default, this is C:\Program Files (x86)\Okta\Okta AD Agent.
  2. Open the OktaAgentService.exe.config file with a text editor.
  3. Change the value:
    <add key="VerboseLogging" value="False" />
    to
    <add key="VerboseLogging" value="True" />
  4. Save the changes.
  5. Restart the AD Agent service (go to Services > right-click on the Okta AD Agent > Restart).

NOTE: Okta strongly recommends disabling verbose logging after troubleshooting is complete, as it can quickly generate several large files.

 

 

LDAP Agent

Log Retrieval

  1. On the system running the affected LDAP Agent, navigate to the logs directory in the LDAP Agent install directory.
    • On Windows, this is normally found in C:\Program Files\Okta\Okta LDAP Agent\logs.
    • On Linux, this is found in /opt/Okta/Okta LDAP Agent/logs.
  2. The most recent log file is named Agent.log. Older log files will have a number appended to the filename (for example, Agent-1.log), with each successive number representing an older log file.
  3. The log files are limited to 20 MB and are continually updated with new information. The files "roll over" each time the current Agent.log reaches that size limit.
  4. The "pid.info" file contains the current PID for the Okta LDAP Agent.
  5. The "stdout.log" file contains the current Agent service status information, such as the type of crypto suites found and the number of working connections.

 

Enabling Debug Logging

  1. On the system running the affected LDAP Agent, navigate to the LDAP Agent configuration directory.
    • On Windows, this is normally found in C:\Program Files\Okta\Okta LDAP Agent\conf.
    • On Linux, this is found in /opt/Okta/Okta LDAP Agent/conf.
  2. Open the "logback.xml" file with a text editor.
  3. Change one or more of the following values:
    • <maxIndex>5</maxIndex> represents the maximum number of log files that can be written. When using Debug logging, it is recommended to increase this number to 20 to compensate for the additional logging.
    • <logger name="com.okta.ldap_agent" level="INFO"> represents the type of logging performed by the LDAP Agent. Change this value to <logger name="com.okta.ldap_agent" level="DEBUG">.
  4. Save the modified file.
  5. Restart the Okta LDAP Agent service.

 

 

IWA Agent

Log Retrieval

  • The Okta IWA Agent does not create log files on its own. Instead, logs are generated by Microsoft Internet Information Service (IIS).
  • NOTE: These logs will contain DOMAIN\sAMAccountName. Redact as necessary.
    1. On the system running the affected IWA Agent, navigate to C:\inetpub\logs\LogFiles\W3SVC1\.
    2. IIS generates one file per day.
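
The redaction the NOTE above calls for, as an added example (not Okta's code): a Python script that replaces the cs-username column of an IIS W3C log with a keyed pseudonym, so requests from the same account can still be correlated after the DOMAIN\sAMAccountName values are gone. The sample log lines, the EXAMPLE domain, the URL path, the key, and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample in IIS W3C extended format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-15 10:00:01 GET /example/page.aspx EXAMPLE\\jdoe 10.0.0.5 200
2024-01-15 10:00:02 GET /example/page.aspx - 10.0.0.6 401
2024-01-15 10:00:03 GET /example/page.aspx EXAMPLE\\jdoe 10.0.0.5 200
2024-01-15 10:00:04 GET /example/page.aspx EXAMPLE\\asmith 10.0.0.7 200
"""


def pseudonym(username: str, key: bytes) -> str:
    """Keyed token: the same account always maps to the same token."""
    # Windows account names are case-insensitive, so normalise before hashing.
    digest = hmac.new(key, username.lower().encode("utf-8"), hashlib.sha256)
    return "user-" + digest.hexdigest()[:12]


def redact_iis_log(text: str, key: bytes) -> str:
    """Replace the cs-username column, leaving every other field intact."""
    user_col = None
    out = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            # The header can reappear mid-file with a different column layout.
            fields = line.split()[1:]
            user_col = fields.index("cs-username") if "cs-username" in fields else None
        elif line and not line.startswith("#") and user_col is not None:
            cols = line.split(" ")
            # "-" marks a request with no authenticated user; nothing to redact.
            if user_col < len(cols) and cols[user_col] != "-":
                cols[user_col] = pseudonym(cols[user_col], key)
            line = " ".join(cols)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed demo key; use a random secret and keep it out of the upload.
    print(redact_iis_log(SAMPLE_LOG, key=b"constructed-demo-key"))
```

Only the cs-username column is rewritten; account names that appear in other fields, such as cs-uri-query, still need a manual review before the file is shared.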


RADIUS Agent

Log Retrieval

  1. On the system running the affected RADIUS Agent, navigate to the Logs directory in the RADIUS Agent install directory. By default, this is C:\Program Files (x86)\Okta\Okta RADIUS Agent\current\logs.
  2. The okta_radius file contains troubleshooting information most likely to be needed by Okta Support.

 

 
