Merge pull request #7318 from MicrosoftDocs/main

v-dihans · web-flow · commit 2a98a11d747f · 2022-04-11T11:37:23.000-06:00
Publish 04/11/2022, 10:30 AM
diff --git a/memdocs/intune/fundamentals/deployment-guide-enrollment-mamwe.md b/memdocs/intune/fundamentals/deployment-guide-enrollment-mamwe.md
@@ -1,7 +1,7 @@
 ---
 # required metadata
 
-title: MAM-WE device enrollment guide for  Microsoft Intune
+title: Mobile Application Management (MAM) for unenrolled devices in Microsoft Intune
 description: Use mobile application management without enrollment to deploy apps, and protect organization data within the apps. Get an overview of the administrator and end user tasks for this enrollment option.
 keywords:
 author: MandiOhlinger
diff --git a/memdocs/intune/protect/microsoft-tunnel-monitor.md b/memdocs/intune/protect/microsoft-tunnel-monitor.md
@@ -141,15 +141,32 @@ For more information and command-line examples, see [mst-cli command-line tool f
 
 ## View Microsoft Tunnel logs
 
-Microsoft Tunnel logs information to the Linux server logs in the *syslog* format. To view log entries, use the **journalctl -t** command followed by one or more tags that are specific to Microsoft Tunnel entries:    
+Microsoft Tunnel logs information to the Linux server logs in the *syslog* format. To view log entries, use the **journalctl -t** command followed by one or more tags that are specific to Microsoft Tunnel entries:
 
-- **ocserv** -  Display server logs.
 - **mstunnel-agent**: Display agent logs.
 - **mstunnel_monitor**: Display monitoring task logs.
-  
-For example, to view information for only the tunnel server, run `journalctl -t ocserv`.  To view information for all three, you can run `journalctl -t ocserv -t mstunnel-agent -t mstunnel_monitor`.
+- **ocserv** -  Display server logs.
+- **ocserv-access** - Display access logs.
+
+  By default, access logging is disabled. Enabling access logs can reduce performance, depending on the number of active connections and usage patterns on the server. Logging for DNS connections increases the verbosity of the logs, which can become noisy.
+
+  Access logs have the following format: `<Server timestamp><Server Name><ProcessID on Server><userId><deviceId><protocol><src IP and port><dst IP and port><bytes sent><bytes received><connection time in seconds>` For example:
+
+  - *Feb 25 16:37:56 MSTunnelTest-VM ocserv-access[9528]: ACCESS_LOG,41150dc4-238x-4dwv-9q89-55e987f30c32,f5132455-ef2dd-225a-a693-afbbqed482dce,tcp,169.254.54.149:49462,10.88.0.5:80,112,60,10*
+
+  To enable access logging:
+
+  1. set TRACE_SESSIONS=1 in /etc/mstunnel/env.sh
+  2. set TRACE_SESSIONS=2 to include logging for DNS connections
+  3. Run `mst-cli server restart` to restart the server.
+
+  If access logs are too noisy, you can turn off DNS connection logging by setting TRACE_SESSIONS=1 and restarting the server.
+
+Command line examples for *journalctl*:
 
-You can add  `-f` to the command to display an active and continuing view of the log file.   For example, to actively monitor ongoing processes for Microsoft Tunnel, run `journalctl -t mstunnel_monitor -f`.
+- To view information for only the tunnel server, run `journalctl -t ocserv`. 
+- To view information for all log options, you can run `journalctl -t ocserv -t ocserv-access -t mstunnel-agent -t mstunnel_monitor`.
+- Add `-f` to the command to display an active and continuing view of the log file. For example, to actively monitor ongoing processes for Microsoft Tunnel, run `journalctl -t mstunnel_monitor -f`.
 
 More options for *journalctl*:
 
