- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to browse though logs and sylogs in Virtual Appliance?
03/26/2020 
973 People found this article helpful
42,991 Views
Description
It is useful to see the real time syslogs and logs currently processing the Analyzer/GMS system. Below are some of the example how to navigate those logs and syslogs.
Resolution
1. To see if GMS receiving logs any specific firewall we can use the followings:
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:15:17.215326 IP (tos 0x0, ttl 64, id 50710, offset 0, flags [DF], proto UDP (17), length 298)
192.168.177.58.syslog > mini8snwl.syslog: SYSLOG, length: 270
Facility local0 (16), Severity info (6)
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:15:17 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName="General DNS" n=2409400 src=172.22.100.251:49176:X0 dst=172.22.103.9:53:X0 proto=udp/dns sent=63 spkt=1 cdur=30616 fw_action="NA"
2. To see if we are receiving heartbeat from a specific firewall we can use the following:
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C | grep m=96
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" fw=10.71.254.58 m=96 n=70660 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=60
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:17:45 UTC" fw=10.71.254.58 m=96 n=70661 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=61
3. To see if we are receiving syslogs from specific firewall:
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:16:45 UTC" fw=10.71.254.58 m=96 n=70660 i=60 lic=0 pt=80.443 usestandbysa=0 dyn=n.e ai=1 fwlan=172.22.100.251 conns=60
4. To see if the firewall is receiving syslog with correct priority (it is important to have the sylog in the correct priority, if the log settings too high or low it can have impact on reporting. For example 'No matching record found'):
[root@mini8snwl syslogs]# tcpdump -v -i eth0 src 192.168.177.58 | grep C0EAE481991C | grep m=537 | grep pri=6
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49169 appName="General DNS" n=2410169 src=172.22.100.251:55427:X0 dst=172.22.103.9:53:X0 proto=udp/dns sent=73 spkt=1 cdur=30100 fw_action="NA"
Msg: id=firewall sn=C0EAE481991C time="2016-07-19 14:34:51 UTC" fw=10.71.254.58 pri=6 c=1024 m=537 msg="Connection Closed" app=49202 appName="General UDP" n=2410170 usr="Unknown (SSO failed)" src=192.168.177.222:1900:X3 dst=192.168.163.7:53334:X1 dstMac=02:17:c5:0f:51:57 proto=udp/53334 sent=2868 spkt=6 cdur=37750 fw_action="NA"
5. To see the real time log from any specific log file:
<
For example we like to see the real time Summarizer logs:
- Navigate /opt/GMSVP/Logs directory
[root@mini8snwl Logs]# tail -f StdVPSummarizer0.log
[Mon Jul 18 11:22:21 CEST 2016] Jul 18, 2016 11:22:21: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_091911_to_20160718_092211.unp
[Mon Jul 18 11:24:47 CEST 2016] Jul 18, 2016 11:24:47: [ETLProcess/run()]: ETL runs so far = 90611
[Mon Jul 18 11:25:18 CEST 2016] Jul 18, 2016 11:25:18: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_092211_to_20160718_092511.unp
[Mon Jul 18 11:28:19 CEST 2016] Jul 18, 2016 11:28:19: [DatabaseAdminTask/isDBConfigured()]: Local DB Configuation is in sync
[Mon Jul 18 11:28:20 CEST 2016] Jul 18, 2016 11:28:20: [FileProcessor/call()]: Finished processing syslog file: 1_20160718_092511_to_20160718_092811.unp
6. To see the upgrade history of the Analyzer/GMS:
- Nevigate to /opt/GMSVP/conf directory
[root@mini8snwl conf]# cat upgradeHistory.log
Fri Sep 18 13:06:33 UTC 2015:sw_gmsvp_all_eng_8.0.hotfix.dts.161814.sig:hotfix:Analyzer IP Fix:161814:Success
Fri Sep 18 13:25:28 UTC 2015:sw_gmsvp_all_eng_8.0.hotfix.dts.161632.4.sig:hotfix:Support for SonicOS 6.2.4 and other fixes (Take-4):20150715:Success
Thu Nov 12 10:28:04 UTC 2015:sw_gmsvp_all_eng_8.0.sp1.10.sig:sp:Service Pack 1 for 8.0 (Take-10):20151029:Success
Related Articles
- Can we make changes to a firewall config acquired on NSM directly through the firewall?
- Perform Restart of firewall from NSM.
- Requirement is to push cfs settings from one firewall to a group of Firewalls in NSM.
YES
NO