---Sorry this is so long---

We are moving our SAML authentication to a different server.
Now I'm trying to decommission the old NAM servers (version +
I am running a tcp dump to watch for https traffic to port 443
"tcpdump -c 100 dst port 443"
to see what traffic might be still using it and I'm getting a *lot* of
hits from workstations.
I'm trying to find out what kind of traffic is still hitting the server
without turning the server off and waiting for the Help Desk calls.

I found the information about auditing the "Success or failure of user

It's using the built in NAUDIT and I can go to the Auditing > General
Logging and download the auditlogs.
I've looked through every single log displayed and I'm not finding user
authentications. This could be a good thing, but it's not enough
information for me.
We had some links that were set to fire off to the NAM server when a
user logged out of one site to make sure it clears the connection from
NAM so it clears all their connection.
If that's the data that's going to the server, I think I should get more
log info that says something like this in the catalina.out file:
<amLogEntry> 2015-07-20T20:12:10Z DEBUG NIDS SAML2:
Method: NIDPLocalConfigUtil.isSaml2KeyEnabled
Thread: ajp-bio-
'SAML2_SIGN_METHODDIGEST_SHA256' doesn't map to an existing object
[nidpconfig.properties]. SAML2 request -error parsing SAML2 property
but those messages stopped 2 days ago and I'm still getting a lot of
hits to https port 443 on the NAM IDP and AG servers.

Q1: Is there another setting I need to make to get the proper log
information to figure out who and what and *why* they are connecting to
my servers?
Q2: Is there a different log I need to look in to figure out why they
are connecting to my servers?

I can find the IP addresses connecting, but I can't tell what they are
doing, so I can determine if it's safe to shut down the old NAM server
or if there are other services/functions I need to migrate. Thanks,

jcauthorn's Profile: https://forums.netiq.com/member.php?userid=4729
View this thread: https://forums.netiq.com/showthread.php?t=53914