Logs on SMA1000 and its importance for troubleshooting.
10/22/2020 23 People found this article helpful 33,771 Views
What logs on SMA1000 needed for investigating or troubleshooting issues.
Logs and their requirement:
- All logs on SMA1000 device logs are not end user friendly. These logs might be requested by SonicWALL Support or SonicWALL Engineering for investigating an issue.
- On event of failure or issue or symptom reported by Customer logs would help in reviewing the cause or state of device.
- All logs could be specifically pulled or exported with the help of Snapshot*
- How to Enable Debug logging on SMA1000. This link would help you in navigating to log enabling section on SMA1000.
Log categories and respective logs
1) Management Console related issues:
/var/log/aventail/management.log , log.1...n. (Support for Analysis might request for higher level of logging).
2) Upgrade failure or Hotfix update failure: (Support for Analysis might request for higher level of logging).
#df -h output
3) Workplace related issues: (Support for Analysis might request for higher level of logging).
4) Application access failures over browser or SSO Failure with logging level raised to highest or as recommended by SonicWall Support
getinfo logs for the period issue was tried or being reported.
client based capture, network trace captured from browser.
5) Users unable to authenticate & Tunnel access failures with logging level raised to highest or as recommended by SonicWall Support
appliance packet capture
date & time on appliance and NTP related info
Client logs and capture (Section Client logs)
extraweb_plaintext.log, (SAML or browser based authentication)
extraweb_access.log (SAML or browser based authentication)
6) Appliance reboot or device failure or All users dropped with logging level raised to highest or as recommended by SonicWall Support
any trace files under
/var/log/core or /var/log/dump Note: For initial analysis all *.trace files are good for analysis we might need *.gz file if tracefiles are corrupt.
/var/log/aventail/getinfo (All files recorded for specific day + two previous days)
7) CMS /GTO Synchronization related issues: with logging level raised to highest or as recommended by SonicWall Support
data & Time on appliances & CMS
Once selected would create and download snapshot.tgz to your default downloads directory.
a) snapshot : (Do not run or execute Snapshot option when your appliance is with High CPU or High Memory or device is running with low diskspace or High user load)
b) Encrypting a Snapshot needs password. And the same to be shared for decrypting.
a) For all issues we recommend to provide getinfo logs (which provides health Status over a period of time.)
/var/log/avential/getinfo/ ( Note Please provide getinfo logs for entire period of date and time in addition providing previous day(s) would help in analyzing respective services and appliance functionality).
b) Configuration export -Management Console-Maintenance-Export (.aea extension)
c) Current level of hotfix applied to the device.