Skip to main content
Skip table of contents

Diagnostics profiles (UI)

Configuring the Diagnostics policy

Use a Diagnostics profile to set these options with the Diagnostics policy. (See Policy profiles for general information about managing policy profiles.)

Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.

Click the settings gear on the Diagnostics panel. The Policy details page appears, where you can create a new profile or edit an existing profile. 

On the Policy details page, click + Diagnostics Profile to create a new profile, or click the View/Edit profile (pencil) icon next to an existing profile to edit it.

On the Diagnostics profile page, enter the Profile name and description, then select which classes to log and the severity level to log for each class.

When you are done configuring the profile, click Save changes. This profile is now available to use with any app.

Logging classes

ClassDescription

Atlas Client PERP (Policy/Enrollment/Reporting)

Logs related to Atlas Client PERP (ACP) processing layer. These logs are related to user/device authentication and certificate enrollment.

Client

High-level logs related to all interactions with the Atlas Gateway.

Connect

Low-level secure microtunnel control logs related to Internet Key Exchange (IKE).

CryptoCryptography and security services, including FIPS.

Data Security Framework (Cryptographic Operations)

Extremely low-level logs from the Data Security Framework (DSF). These logs can impact performance when enabled.

Data-At-RestLogs related to encrypted data at rest. Due to performance impacts, enable these logs only when directed by Support.
FileIOFile system interactions. Can impact performance when enabled.
FoundationiOS-specific component used to intercept ObjectiveC Foundation and C-based CoreFoundation for data at rest.
HttpSecure Web Stack used on iOS to intercept HTTP/HTTPS traffic.
InjectableHigh-level component responsible for coordination of other client components.
KeyStoreSecure location used for managing client certificates, reconnect tokens, and other persisted data.

Map.Next Generic (default)

Default component for utilities not associated with another module. Set the generic logging level to set the logs for the MAP.Next core injectable code and the keystore component used for data storage.

Policy

Information and debug on static and dynamic gateway policy, including secure microtunnel settings, browser settings, and device posture.

SmartLinkInformation about SmartLink's connection to the Gateway. See Configuring Blue Cedar SmartLink.
SQLCipherInformation about SQLCipher database encryption use.

Tunnel Driver

Injected TCP/IP stack logs for virtual network interface driver. Can cause performance degradation when enabled.

Tunnel Internal

Injected TCP/IP stack logs for network buffer memory management and DNS handling. Can cause performance degradation when enabled.

Tunnel IP Stack

Injected TCP/IP stack logs related to layer 3 IP processing. Can cause performance degradation when enabled.

Tunnel Packet

Logs related to encapsulating and encrypting packets.

Tunnel Socket

Logs related to binding of the IP stack with TCP and UDP layers.

Tunnel TCP Stack

Injected TCP/IP stack logs related to layer 4 TCP processing. Can cause performance degradation when enabled.

Tunnel UDP Stack

Injected TCP/IP stack logs related to layer 4 UDP processing. Can cause performance degradation when enabled.

Virtual Tunnel Control

Virtual Networking logging controlling socket and packet layers.

Severity levels

Choose the minimum level of messages to log. You can also use the REST API to set the parameter debug_level. The values in order of verbosity (where debug is the most verbose and critical the least):

  • 0=Debug
  • 1=Informational 
  • 2=Warning
  • 3=Minor error
  • 4=Major error
  • 5=Critical error

Diagnostics restrictions

By default, end users can access an information menu in a Blue Cedar secured app. Admins can choose to disable this menu via the Diagnostics policy. There are options on this menu which an admin may not want end users to access. 

On the Diagnostics profile page, click the triangle to expand the Advanced section.

Select "Restrict access to diagnostics screens" to hide the Information menu.

Applying the Diagnostics policy

Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.

Under Policies to apply, click the triangle to expand the Diagnostics panel. 

Select "Enable Diagnostics policy."

Choose the Diagnostics profile from the menu.

Click Apply policies.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.