Analyzer troubleshooting steps for SMA
03/26/2020 43 10320
The following steps must be checked and correct for the Analyzer to obtain files from the SMA
SMA 100 series:
Verify that the Analyzer is set up in the correct location
Log | Analyzer
This is the only section that will send syslogs and the heartbeat
Log | Settings | Syslog Settings
This will only send the syslogs and not the heartbeat
Log | Settings | Log & Alert Levels
If Syslog is set to Warning the system will only send logins and warnings sent from the system.
Depending on the logs they are looking to obtain this may need to be set to Info
Log | Settings | Categories
Verify all of the Log Categories (Standard) are checked
5. Verify the logs are getting to Analyzer for the unit in question. the following article has further information on how to do this:
6. Verify the SMA unit is added to the correct tab in Analyzer. The following article has further information on this
How to configure Analyzer 8.x for SRA/SMA ?
7. Verify the Analyzer is getting the proper logs that are needed for the report and that they are processing.
1) Here is the location of stored syslogs in Analyzer/GMS:
a) [installDir]:\GMSVP\syslogs\ - files are stored here with .src prior to summarization process
b) [installDir]:\GMSVP\syslogs\archivedSyslogs\ - files are stored here with .prd extension (periodically compressed into .zip format); this info should already be processed and visible in reports
2) You can search the syslog files for data coming from the SRA/SMA device; search by serial number is easiest.
a) Search for entries related to the information for which they are trying to report
If all of the prior steps are configured correctly and the logs are getting to the Analyzer the following files will be needed to be provided to Technical Support:
1. Copy of TSR from the SMA
2. Copy of a .prd file from the step 7b
8. Get the serial of the upstream UTM appliance. Note the case with the steps performed from this article attach the article to the case. Talk to Team Lead or Supervisor on next steps to get the ticket to the team that will follow up on this.
SMA 1000 series:
Analyzer/GMS is no longer supported for all currently supported versions of SMA 1000 series.