
How to browse through logs and syslogs in Virtual Appliance?

03/26/2020 973 People found this article helpful 194,655 Views


    Description

    It is useful to see the real-time syslogs and logs that the Analyzer/GMS system is currently processing. Below are some examples of how to navigate those logs and syslogs.

    Resolution

    1. To see if GMS is receiving logs from a specific firewall, we can use the following:
    [root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    16:15:17.215326 IP (tos 0x0, ttl 64, id 50710, offset 0, flags [DF], proto UDP (17), length 298)
        192.168.177.58.syslog > mini8snwl.syslog: SYSLOG, length: 270
            Facility local0 (16), Severity info (6)
            Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:15:17 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName="General DNS" n=2409400 src=172.22.100.251:49176:X0 dst=172.22.103.9:53:X0 proto=udp/dns sent=63 spkt=1 cdur=30616 fw_action="NA"


    2. To see if we are receiving heartbeats from a specific firewall, we can use the following:
    [root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C | grep m=96
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
            Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" fw=10.71.254.58 m=96 n=70660 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=60
            Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:17:45 UTC" fw=10.71.254.58 m=96 n=70661 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=61


    3. To see if we are receiving syslogs from a specific firewall:
    [root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
            Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" fw=10.71.254.58 m=96 n=70660 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=60


    4. To see if syslogs from the firewall are being received with the correct priority (it is important that the syslogs have the correct priority; if the log settings are too high or too low, reporting can be affected, for example with 'No matching record found'):
    [root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C | grep m=537 | grep pri=6
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
            Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName="General DNS" n=2410169 src=172.22.100.251:55427:X0 dst=172.22.103.9:53:X0 proto=udp/dns sent=73 spkt=1 cdur=30100 fw_action="NA"
            Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49202 appName="General UDP" n=2410170 usr="Unknown (SSO failed)" src=192.168.177.222:1900:X3 dst=192.168.163.7:53334:X1 dstMac=02:17:c5:0f:51:57 proto=udp/53334 sent=2868 spkt=6 cdur=37750 fw_action="NA"

    5. To see the real-time log from any specific log file:
    For example, to see the real-time Summarizer logs:
    - Navigate to the /opt/GMSVP/Logs directory
    [root@mini8snwl Logs]# tail -f StdVPSummarizer0.log
    [Mon Jul 18 11:22:21 CEST 2016] Jul 18, 2016 11:22:21: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_091911_to_20160718_092211.unp
    [Mon Jul 18 11:24:47 CEST 2016] Jul 18, 2016 11:24:47: [ETLProcess/run()]: ETL runs so far = 90611
    [Mon Jul 18 11:25:18 CEST 2016] Jul 18, 2016 11:25:18: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_092211_to_20160718_092511.unp
    [Mon Jul 18 11:28:19 CEST 2016] Jul 18, 2016 11:28:19: [DatabaseAdminTask/isDBConfigured()]: Local DB Configuation is in sync
    [Mon Jul 18 11:28:20 CEST 2016] Jul 18, 2016 11:28:20: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_092511_to_20160718_092811.unp


    6. To see the upgrade history of the Analyzer/GMS:
    - Navigate to the /opt/GMSVP/conf directory
    [root@mini8snwl conf]# cat upgradeHistory.log
    Fri Sep 18 13:06:33 UTC 2015:sw_gmsvp_all_eng_8.0.hotfix.dts.161814.sig:hotfix:Analyzer IP Fix:161814:Success
    Fri Sep 18 13:25:28 UTC 2015:sw_gmsvp_all_eng_8.0.hotfix.dts.161632.4.sig:hotfix:Support for SonicOS 6.2.4 and other fixes (Take-4):20150715:Success
    Thu Nov 12 10:28:04 UTC 2015:sw_gmsvp_all_eng_8.0.sp1.10.sig:sp:Service Pack 1 for 8.0 (Take-10):20151029:Success
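
The grep chains in steps 1 to 4 can be combined into one pass over saved `tcpdump -v` output. The script below is an added example, not SonicWall code: it parses the `Msg:` lines, counts `pri=` values per serial number, and reports heartbeat (`m=96`) gaps. The function names, the 120-second `max_gap` threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# key=value pairs: a value is either a "quoted string" or a bare token.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S*)')

def parse_msg(line):
    """Fields of one 'Msg: id=firewall ...' line from tcpdump -v, else None."""
    _, found, body = line.partition("Msg: ")
    if not found:
        return None  # tcpdump banner, IP header line, facility line, etc.
    return {k: (inner if raw.startswith('"') else raw)
            for k, raw, inner in PAIR.findall(body)}

def summarize(lines, max_gap=120):
    """Per serial: pri counts, heartbeat times, heartbeat gaps > max_gap seconds."""
    report = defaultdict(lambda: {"pri": Counter(), "heartbeats": [], "gaps": []})
    for line in lines:
        f = parse_msg(line)
        if not f or "sn" not in f:
            continue
        entry = report[f["sn"]]
        if f.get("m") == "96":  # heartbeat, the message step 2 greps for
            if "time" in f:
                entry["heartbeats"].append(
                    datetime.strptime(f["time"], "%Y-%m-%d %H:%M:%S UTC"))
        else:  # every other message: tally its priority (step 4)
            entry["pri"][f.get("pri", "none")] += 1
    for entry in report.values():
        hb = sorted(entry["heartbeats"])
        entry["gaps"] = [(a, b) for a, b in zip(hb, hb[1:])
                         if (b - a).total_seconds() > max_gap]
    return dict(report)

# Constructed sample in the format shown above (shortened; third heartbeat is late).
SAMPLE = '''\
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" m=96 n=70660 i=60
    Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:17:45 UTC" m=96 n=70661 i=60
    Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:25:45 UTC" m=96 n=70662 i=60
    Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" pri=6 m=537 msg="Connection Closed" usr="Unknown (SSO failed)"
    Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:52 UTC" pri=7 m=537 msg="Connection Closed"
'''.splitlines()

if __name__ == "__main__":
    for sn, e in summarize(SAMPLE).items():
        print(sn, "heartbeats:", len(e["heartbeats"]), "pri:", dict(e["pri"]))
        for a, b in e["gaps"]:
            print("  no heartbeat between", a, "and", b)
```

To run it on real data, save the `tcpdump -v` output to a file and pass its lines to `summarize()` in place of `SAMPLE`.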
