How to automatically push logfiles to the Aventail Advanced Reporting (AAR) server
03/26/2020 
7 
11181
DESCRIPTION:
This article will explain how to install a script which will automatically push appliance logfiles to your Aventail Advanced Reporting server on a daily basis.
RESOLUTION:
Warning SonicWall strongly recommends that users not familiar or comfortable with the "vi" command or the command line contact SonicWall product support for assistance. Always back up your configuration before performing hand edits. Use the command line at your own risk.
Please see KB item #2500 for some suggestions on enabling SSH access to the appliance and getting onto the command line.
- On the Aventail Advanced Reporting server install or activate a FTP server (filezilla, pureftp, native FTP e.g. of IIS or linux distro)
- Copy the script linked below into a file called aarpushlogs and place this file onto each appliance, in the /root directory.
- On the appliance, decompress the script with the command gunzip aarpushlogs.gz.
- On your FTP server, create a separate FTP account (e.g. "aventailupload") that has only write access to the AAR log directory, e.g. "/aar". Replace 'incoming' with this value in the variable "$_FTP_DIR" in the script.
- Create subdirectories for each appliance name under /aar, e.g. /aar/gateway or /aar/sslcluster-node1
- Make the script executable: chmod a+x aarpushlogs)
- Edit the script (vi) and change the fields "$_FTP_HOST", "$_FTP_USERNAME", "$_FTP_PASSWORD", and "$_FTP_DIR" to the appropriate values. DO NOT change anything else in the script unless instructed to do so by SonicWall Support.
- Ensure the script is setup correctly by running it with the '--all' flag once; this will push all of the current log data to the AAR server. This only needs to be run once: './aarpushlogs --all'
- Once you have run the script once, edit the file /etc/crontab, and add the following line. This line should be placed at the bottom of the file, just above the last hash mark, '#'. Don't forget to restart cron afterwards with the command "/etc/init.d/cron restart"
- 5 0 * * * root /root/aarpushlogs --recent > /dev/null 2>&1
- It is not recommended to increase the upload frequency. Once per day will allow you to save archival information, and grab all info from the previous day. It will also avoid duplicate data.
This will copy the current logs accross to the AAR every day at 5 after midnight.
Known Issues
Script
aarpushlogs.gz (Last Updated 5/6/09)
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
