Logs on SMA1000 and its importance for troubleshooting.
10/22/2020 92 People found this article helpful 474,762 Views
Description
What logs on SMA1000 needed for investigating or troubleshooting issues.
Resolution
Logs and their requirement:
- All logs on SMA1000 device logs are not end user friendly. These logs might be requested by SonicWALL Support or SonicWALL Engineering for investigating an issue.
- On event of failure or issue or symptom reported by Customer logs would help in reviewing the cause or state of device.
- All logs could be specifically pulled or exported with the help of Snapshot*
- How to Enable Debug logging on SMA1000. This link would help you in navigating to log enabling section on SMA1000.
Log categories and respective logs
1) Management Console related issues:
/var/log/aventail/management.log , log.1...n. (Support for Analysis might request for higher level of logging).
2) Upgrade failure or Hotfix update failure: (Support for Analysis might request for higher level of logging).
/var/log/aventail/mangement.log,log.1...n
/var/log/aventail/upgrade.log,log.1..n
#df -h output
3) Workplace related issues: (Support for Analysis might request for higher level of logging).
/var/log/aventail/workplace.log
/var/log/aventail/wp_init.log
4) Application access failures over browser or SSO Failure with logging level raised to highest or as recommended by SonicWall Support
extraweb_plaintext.log,
extraweb_access.log
workplace.log
wp_init.log
access_servers.log
getinfo logs for the period issue was tried or being reported.
client based capture, network trace captured from browser.
5) Users unable to authenticate & Tunnel access failures with logging level raised to highest or as recommended by SonicWall Support
/var/log/aventail/access_servers.log
appliance packet capture
date & time on appliance and NTP related info
Client logs and capture (Section Client logs)
extraweb_plaintext.log, (SAML or browser based authentication)
extraweb_access.log (SAML or browser based authentication)
6) Appliance reboot or device failure or All users dropped with logging level raised to highest or as recommended by SonicWall Support
/var/log/kern.log,log.1,log..n
/var/log/dmesg.log,log.1...log..n
any trace files under
/var/log/core or /var/log/dump Note: For initial analysis all *.trace files are good for analysis we might need *.gz file if tracefiles are corrupt.
/var/log/aventail/access_servers.log,log.1,log..n
/var/log/aventail/servicemgr.log,log.1,log..n
/var/log/aventail/ctrl-service.log,log.1,log..n
/var/log/aventail/getinfo (All files recorded for specific day + two previous days)
7) CMS /GTO Synchronization related issues: with logging level raised to highest or as recommended by SonicWall Support
/var/log/aventail/management.log
/var/log/couchdb/couch.log,
/var/log/aventail/couchdb_proxy_access.log
/var/log/replicator/*
data & Time on appliances & CMS
Snapshot
Management Console-Troubleshooting-Snapshot-
Once selected would create and download snapshot.tgz to your default downloads directory.
Note:
a) snapshot : (Do not run or execute Snapshot option when your appliance is with High CPU or High Memory or device is running with low diskspace or High user load)
b) Encrypting a Snapshot needs password. And the same to be shared for decrypting.
Generic Note:
a) For all issues we recommend to provide getinfo logs (which provides health Status over a period of time.)
/var/log/avential/getinfo/ ( Note Please provide getinfo logs for entire period of date and time in addition providing previous day(s) would help in analyzing respective services and appliance functionality).
b) Configuration export -Management Console-Maintenance-Export (.aea extension)
c) Current level of hotfix applied to the device.
Related Articles
Categories