Logs on SMA1000 and its importance for troubleshooting.

10/22/2020 23 People found this article helpful 33,771 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

What logs on SMA1000 needed for investigating or troubleshooting  issues.  

Resolution

Logs and their requirement:

• All logs on SMA1000 device logs are not end user friendly.  These logs might be  requested by  SonicWALL Support or SonicWALL Engineering for investigating an issue.
• On event of failure or issue or symptom reported by Customer logs would help in reviewing the cause or state of device.
• All logs could be specifically pulled or exported with the help of Snapshot*
•  How to Enable Debug logging on SMA1000.  This link would help you in navigating to log enabling section on SMA1000.

Log categories and respective logs

1) Management Console related issues:

/var/log/aventail/management.log , log.1...n.   (Support for Analysis might request for higher level of logging).

2) Upgrade failure or Hotfix update failure:       (Support for Analysis might request for higher level of logging).

/var/log/aventail/mangement.log,log.1...n

/var/log/aventail/upgrade.log,log.1..n

#df -h output 

3)  Workplace related issues:                                 (Support for Analysis might request for higher level of logging).

/var/log/aventail/workplace.log

/var/log/aventail/wp_init.log

4)  Application access failures over browser or SSO Failure   with logging level raised to highest or as recommended by SonicWall Support

extraweb_plaintext.log,

extraweb_access.log

workplace.log

wp_init.log

access_servers.log

getinfo logs for the period issue was tried or being reported.

client based capture, network trace captured from browser.

5) Users unable to authenticate & Tunnel access failures with logging level raised to highest or as recommended by SonicWall Support

/var/log/aventail/access_servers.log

appliance packet capture

date & time on appliance and NTP related info

Client logs and capture  (Section Client logs)

extraweb_plaintext.log,  (SAML or browser based authentication)

extraweb_access.log       (SAML or browser based authentication)

6)  Appliance reboot or device failure or All users dropped  with logging level raised to highest or as recommended by SonicWall Support

/var/log/kern.log,log.1,log..n

/var/log/dmesg.log,log.1...log..n

any trace files under 

/var/log/core or /var/log/dump  Note: For initial analysis all *.trace files are good for analysis we might need *.gz file if tracefiles are corrupt.

/var/log/aventail/access_servers.log,log.1,log..n 

/var/log/aventail/servicemgr.log,log.1,log..n

/var/log/aventail/ctrl-service.log,log.1,log..n

/var/log/aventail/getinfo (All files recorded for specific day + two previous days)

7)  CMS /GTO Synchronization related issues:  with logging level raised to highest or as recommended by SonicWall Support

/var/log/aventail/management.log

/var/log/couchdb/couch.log, 

/var/log/aventail/couchdb_proxy_access.log

/var/log/replicator/*

data & Time on appliances & CMS

Snapshot

Management Console-Troubleshooting-Snapshot- 

Once selected would create and download snapshot.tgz to your default downloads directory.

Note: 

a) snapshot :   (Do not run or execute  Snapshot option when your appliance is with High CPU or High Memory or device is running with low diskspace or High user load)

b) Encrypting a Snapshot needs  password.  And the same to be shared for decrypting.

Generic Note:

a) For all issues we recommend to provide getinfo logs (which provides health Status over a period of time.)

/var/log/avential/getinfo/ (  Note Please provide getinfo logs for entire period of date and time in addition providing previous day(s) would help in analyzing respective services and  appliance functionality).

b) Configuration export -Management Console-Maintenance-Export (.aea extension)

c)  Current level of hotfix applied to the device.

Related Articles

• How to secure Virtual Office portal from all external access
• NetExtender users fail to get connected throwing an Error Failed to get vpn protocol on firmware 10.2.1.2 or above due to misconfigured protocol
• Is SRA/SMA appliance vulnerable to CVE-2016-2183 and CVE-2016-5915?

Categories

• Secure Mobile Access > SMA 1000 Series > Logging