- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Logs on SMA1000 and its importance for troubleshooting.
10/22/2020 
61 People found this article helpful
185,158 Views
Description
What logs on SMA1000 needed for investigating or troubleshooting issues.
Resolution
Logs and their requirement:
- All logs on SMA1000 device logs are not end user friendly. These logs might be requested by SonicWALL Support or SonicWALL Engineering for investigating an issue.
- On event of failure or issue or symptom reported by Customer logs would help in reviewing the cause or state of device.
- All logs could be specifically pulled or exported with the help of Snapshot*
- How to Enable Debug logging on SMA1000. This link would help you in navigating to log enabling section on SMA1000.
Log categories and respective logs
1) Management Console related issues:
/var/log/aventail/management.log , log.1...n. (Support for Analysis might request for higher level of logging).
2) Upgrade failure or Hotfix update failure: (Support for Analysis might request for higher level of logging).
/var/log/aventail/mangement.log,log.1...n
/var/log/aventail/upgrade.log,log.1..n
#df -h output
3) Workplace related issues: (Support for Analysis might request for higher level of logging).
/var/log/aventail/workplace.log
/var/log/aventail/wp_init.log
4) Application access failures over browser or SSO Failure with logging level raised to highest or as recommended by SonicWall Support
extraweb_plaintext.log,
extraweb_access.log
workplace.log
wp_init.log
access_servers.log
getinfo logs for the period issue was tried or being reported.
client based capture, network trace captured from browser.
5) Users unable to authenticate & Tunnel access failures with logging level raised to highest or as recommended by SonicWall Support
/var/log/aventail/access_servers.log
appliance packet capture
date & time on appliance and NTP related info
Client logs and capture (Section Client logs)
extraweb_plaintext.log, (SAML or browser based authentication)
extraweb_access.log (SAML or browser based authentication)
6) Appliance reboot or device failure or All users dropped with logging level raised to highest or as recommended by SonicWall Support
/var/log/kern.log,log.1,log..n
/var/log/dmesg.log,log.1...log..n
any trace files under
/var/log/core or /var/log/dump Note: For initial analysis all *.trace files are good for analysis we might need *.gz file if tracefiles are corrupt.
/var/log/aventail/access_servers.log,log.1,log..n
/var/log/aventail/servicemgr.log,log.1,log..n
/var/log/aventail/ctrl-service.log,log.1,log..n
/var/log/aventail/getinfo (All files recorded for specific day + two previous days)
7) CMS /GTO Synchronization related issues: with logging level raised to highest or as recommended by SonicWall Support
/var/log/aventail/management.log
/var/log/couchdb/couch.log,
/var/log/aventail/couchdb_proxy_access.log
/var/log/replicator/*
data & Time on appliances & CMS
Snapshot
Management Console-Troubleshooting-Snapshot-
Once selected would create and download snapshot.tgz to your default downloads directory.
Note:
a) snapshot : (Do not run or execute Snapshot option when your appliance is with High CPU or High Memory or device is running with low diskspace or High user load)
b) Encrypting a Snapshot needs password. And the same to be shared for decrypting.
Generic Note:
a) For all issues we recommend to provide getinfo logs (which provides health Status over a period of time.)
/var/log/avential/getinfo/ ( Note Please provide getinfo logs for entire period of date and time in addition providing previous day(s) would help in analyzing respective services and appliance functionality).
b) Configuration export -Management Console-Maintenance-Export (.aea extension)
c) Current level of hotfix applied to the device.
Related Articles
- How to secure Virtual Office portal from all external access
- Lost Admin Password Recovery for SMA500v
- Same syslog source for all SMA devices
YES
NO