Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
How to re-process archived / bad syslogs to re-generate reports in Virtual Appliance
03/26/2020 
1131 
9248
DESCRIPTION:
In some circumstances user may need to reprocess syslogs to generate reports. Below instructions how to re-process archived logs to generate reports in Virtual Appliance.
RESOLUTION:
1. Obtain root password from tech support:
Please log a Support request with SonicWall tech support team with GMS/Analyzer serial number. Support team will provide the root password.
2. Connect to VA using secure client like ‘Putty’:
- Go to https://GMS/Analyzer_IP/appliance page
- Go to license > refresh license (This will activate the root password provided by tech support)
- Open Putty
- Username: root
- Password: (provided by tech support)
3. Steps to re-process logs:
Step 1:
- Go to archived logs directory (cd /opt/GMSVP/syslogs/ archivedSyslogs)
Step2:
- Create a folder to reprocess syslogs:
- mkdir reprocessedLog (reprocessedLog is the name of the folder created)
Step 3:
Determine the logs you like to re-process. For an example logs will similar to this RawSyslogs_X_20160505__1.zip. In this instance we will re-process logs for the month of May only.
- Each zip file has year month and day format
Step 4:
Move the logs for the month of May to the newly created folder:
- cp RawSyslogs_1_201605* /reprocessedLog
- Use the wildcard (*) to confirm everything from the month of May 2016
- You can use days or weeks by specifying the dates correctly
Step 5:
Move to reprocessedLog folder and unzip all the files
- cd reprocessedLog
- unzip '*.zip'
- above will unzip all the zip files to .prd format
Step 6:
Remove the duplicate zip files
- rm *zip
Step 7:
Rename .prd file extension to .src format
- for x in *.prd; do mv"$x" "$(basename "$x" .prd).src";done
- above will rename all the .prd files to .src files
Step 8:
Move all the .src file to the syslog folder to re-process the syslogs:
- cp *src /opt/GMSVP/syslogs
4. Restart all the services:
- Go to https://GMS/Analyzer_IP/appliance
- Deployment > Services > select all services > restart
- This will start processing all the .src files for reports
