EX SSL-VPN: How to configure aarpushlogs on firmware 10.6.x and above.
03/26/2020 
5 
11338
DESCRIPTION:
EX SSL-VPN: How to configure aarpushlogs on firmware 10.6.x and above.
RESOLUTION:
Question:
How to configure aarpushlogs on firmware 10.6.0 and above.
Answer:
Configuring the "aarpush" logs on firmware 10.6.0 and above is different from what we follow on version 10.5.x or earlier. The logs generated on 10.6.0 and above are in .gz format which requires new "aarpushlogs" script to be configured on the Aventail device. The below steps will assist you in configuring the aarpush logs on the Aventail device.
1. Setup an FTP server on a machine where you want the logs from the Aventail device to be pushed. (Use can use free tools such as FileZilla server etc..)
2. Copy the "aarpushlogs" script available in this article on to the /usr/local/aventail/bin/ directory on Aventail device using a tool like WinSCP and unzip it using the command
gunzip aarpushlogs.gz
3. Unlike on firmware versions (10.5.x or earlier) we need NOT modify the "aarpushlogs" script on the device.
4. Make the "aarpushlogs" script as executable with the command "chmod a+x" from SSH or console access.
5. Login to the AMC, Click on Maintenance in the left-hand navigation menu.
6. In the URL address bar, append "?advanced=1", and hit return
7. Click on Configure under the new section Configuration extensions.
8. Click New and For the Key field, put in AAR_URL
9. For the Value field, put in the FTP address in the format - ftp://username:password@/incoming.
10. Click OK
11. Click New and For the Key field, put in AAR_FREQUENCY
12. For the Value field, put in 1 and then Click OK
13. Click Save and Apply Changes (this will force an apply-all, making the changes take effect).
14. Execute the aarpushlogs script (./aarpushlogs) once manually (the first time) so that all the extranet_access and extaweb_access logs are pushed to the remote FTP server.( The aarpushlogs script will create a new folder by the name of Aventail device host name on the FTP server)
15. With this new "aarpushlogs script" there is no need to edit the crontab file with a time entry for the script automation. The execution of the script will create a aarpushlogs file for automation at /etc/cron.d/.
16. Restart the cron service once with the command /etc/init.d/cron restart
17. This new script and the aarpushlogs file created at /etc/cron.d/ will check for new logs files generated every day at 00:05 AM and push them to the remote FTP server.
To Download the new aarpushlogs.gz click here
See Also:
Refer customers/Internal users to other related articles within the SonicWall
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
