- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How to re-process archived / bad syslogs to re-generate reports in Virtual Appliance
03/26/2020 
1,135 People found this article helpful
32,248 Views
Description
In some circumstances user may need to reprocess syslogs to generate reports. Below instructions how to re-process archived logs to generate reports in Virtual Appliance.
Resolution
1. Obtain root password from tech support:
Please log a Support request with SonicWall tech support team with GMS/Analyzer serial number. Support team will provide the root password.
2. Connect to VA using secure client like ‘Putty’:
- Go to https://GMS/Analyzer_IP/appliance page
- Go to license > refresh license (This will activate the root password provided by tech support)
- Open Putty
- Username: root
- Password: (provided by tech support)
3. Steps to re-process logs:
Step 1:
- Go to archived logs directory (cd /opt/GMSVP/syslogs/ archivedSyslogs)
Step2:
- Create a folder to reprocess syslogs:
- mkdir reprocessedLog (reprocessedLog is the name of the folder created)
Step 3:
Determine the logs you like to re-process. For an example logs will similar to this RawSyslogs_X_20160505__1.zip. In this instance we will re-process logs for the month of May only.
- Each zip file has year month and day format
Step 4:
Move the logs for the month of May to the newly created folder:
- cp RawSyslogs_1_201605* /reprocessedLog
- Use the wildcard (*) to confirm everything from the month of May 2016
- You can use days or weeks by specifying the dates correctly
Step 5:
Move to reprocessedLog folder and unzip all the files
- cd reprocessedLog
- unzip '*.zip'
- above will unzip all the zip files to .prd format
Step 6:
Remove the duplicate zip files
- rm *zip
Step 7:
Rename .prd file extension to .src format
- for x in *.prd; do mv"$x" "$(basename "$x" .prd).src";done
- above will rename all the .prd files to .src files
Step 8:
Move all the .src file to the syslog folder to re-process the syslogs:
- cp *src /opt/GMSVP/syslogs
4. Restart all the services:
- Go to https://GMS/Analyzer_IP/appliance
- Deployment > Services > select all services > restart
- This will start processing all the .src files for reports
Related Articles
- How to move a firewall from Zero Touch to Manual Mode
- How to configure firewalls to be managed by Global Management System (GMS)?
- How to download tech support reports from SonicWall GMS and SonicWall Analyzer
YES
NO