- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to browse though logs and sylogs in Virtual Appliance?
03/26/2020 
973 People found this article helpful
194,655 Views
Description
It is useful to see the real time syslogs and logs currently processing the Analyzer/GMS system. Below are some of the example how to navigate those logs and syslogs.
Resolution
1. To see if GMS receiving logs any specific firewall we can use the followings:
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:15:17.215326 IP (tos 0x0, ttl 64, id 50710, offset 0, flags [DF], proto UDP (17), length 298)
192.168.177.58.syslog > mini8snwl.syslog: SYSLOG, length: 270
Facility local0 (16), Severity info (6)
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:15:17 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName="General DNS" n=2409400 src=172.22.100.251:49176:X0 dst=172.22.103.9:53:X0 proto=udp/dns sent=63 spkt=1 cdur=30616 fw_action="NA"
2. To see if we are receiving heartbeat from a specific firewall we can use the following:
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C | grep m=96
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" fw=10.71.254.58 m=96 n=70660 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=60
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:17:45 UTC" fw=10.71.254.58 m=96 n=70661 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=61
3. To see if we are receiving syslogs from specific firewall:
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" fw=10.71.254.58 m=96 n=70660 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=60
4. To see if the firewall is receiving syslog with correct priority (it is important to have the sylog in the correct priority, if the log settings too high or low it can have impact on reporting. For example 'No matching record found'):
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C | grep m=537 | grep pri=6
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName="General DNS" n=2410169 src=172.22.100.251:55427:X0 dst=172.22.103.9:53:X0 proto=udp/dns sent=73 spkt=1 cdur=30100 fw_action="NA"
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49202 appName="General UDP" n=2410170 usr="Unknown (SSO failed)" src=192.168.177.222:1900:X3 dst=192.168.163.7:53334:X1 dstMac=02:17:c5:0f:51:57 proto=udp/53334 sent=2868 spkt=6 cdur=37750 fw_action="NA"
5. To see the real time log from any specific log file:
<
For example we like to see the real time Summarizer logs:
- Navigate /opt/GMSVP/Logs directory
[root@mini8snwl Logs]# tail -f StdVPSummarizer0.log
[Mon Jul 18 11:22:21 CEST 2016] Jul 18, 2016 11:22:21: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_091911_to_20160718_092211.unp
[Mon Jul 18 11:24:47 CEST 2016] Jul 18, 2016 11:24:47: [ETLProcess/run()]: ETL runs so far = 90611
[Mon Jul 18 11:25:18 CEST 2016] Jul 18, 2016 11:25:18: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_092211_to_20160718_092511.unp
[Mon Jul 18 11:28:19 CEST 2016] Jul 18, 2016 11:28:19: [DatabaseAdminTask/isDBConfigured()]: Local DB Configuation is in sync
[Mon Jul 18 11:28:20 CEST 2016] Jul 18, 2016 11:28:20: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_092511_to_20160718_092811.unp
6. To see the upgrade history of the Analyzer/GMS:
- Nevigate to /opt/GMSVP/conf directory
[root@mini8snwl conf]# cat upgradeHistory.log
Fri Sep 18 13:06:33 UTC 2015:sw_gmsvp_all_eng_8.0.hotfix.dts.161814.sig:hotfix:Analyzer IP Fix:161814:Success
Fri Sep 18 13:25:28 UTC 2015:sw_gmsvp_all_eng_8.0.hotfix.dts.161632.4.sig:hotfix:Support for SonicOS 6.2.4 and other fixes (Take-4):20150715:Success
Thu Nov 12 10:28:04 UTC 2015:sw_gmsvp_all_eng_8.0.sp1.10.sig:sp:Service Pack 1 for 8.0 (Take-10):20151029:Success
Related Articles
- Specific syslog IDs are not seen in Analytics reports
- Upgrading to Analytics 2.5.0.4
- How to upgrade firmware for a group of firewalls in NSM
YES
NO