How to automatically push logfiles to the Aventail Advanced Reporting (AAR) server

03/26/2020 7 12950

DESCRIPTION:

This article will explain how to install a script which will automatically push appliance logfiles to your Aventail Advanced Reporting server on a daily basis.

RESOLUTION:

Warning  SonicWall strongly recommends that users not familiar or comfortable with the "vi" command or the command line contact SonicWall product support for assistance.  Always back up your configuration before performing hand edits. Use the command line at your own risk.

Please see KB item #2500 for some suggestions on enabling SSH access to the appliance and getting onto the command line.

• On the Aventail Advanced Reporting server install or activate a FTP server (filezilla, pureftp, native FTP e.g. of IIS or linux distro)
• Copy the script linked below into a file called aarpushlogs and place this file onto each appliance, in the /root directory.
• On the appliance, decompress the script with the command gunzip aarpushlogs.gz.
• On your FTP server, create a separate FTP account (e.g. "aventailupload") that has only write access to the AAR log directory, e.g. "/aar". Replace 'incoming' with this value in the variable "$_FTP_DIR" in the script.
• Create subdirectories for each appliance name under /aar, e.g. /aar/gateway or /aar/sslcluster-node1
• Make the script executable: chmod a+x aarpushlogs)
• Edit the script (vi) and change the fields "$_FTP_HOST", "$_FTP_USERNAME", "$_FTP_PASSWORD", and "$_FTP_DIR" to the appropriate values. DO NOT change anything else in the script unless instructed to do so by SonicWall Support.
• Ensure the script is setup correctly by running it with the '--all' flag once; this will push all of the current log data to the AAR server. This only needs to be run once: './aarpushlogs --all'
• Once you have run the script once, edit the file /etc/crontab, and add the following line. This line should be placed at the bottom of the file, just above the last hash mark, '#'. Don't forget to restart cron afterwards with the command "/etc/init.d/cron restart"
  • 5 0 * * *        root /root/aarpushlogs --recent > /dev/null 2>&1
• It is not recommended to increase the upload frequency. Once per day will allow you to save archival information, and grab all info from the previous day. It will also avoid duplicate data.

This will copy the current logs accross to the AAR every day at 5 after midnight.

Known Issues

• When running the script, the following error is seen:
  curl: (67) Access denied: 530

  To resolve this issue, make sure the username and password in the script are configured correctly.

Script

aarpushlogs.gz (Last Updated 5/6/09)