- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Various GMS Syslog file formats during Summarization
03/26/2020 
1,088 People found this article helpful
44,838 Views
Description
SGMS: Various Syslog file formats during Summarization
Resolution
This article helps us to understand the various file formats that the Syslog are converted in the process of the Summarization.
During the process of installation of GMS/Analyzer, a folder called GMSVP is created on the installed drive. In that GMSVP folder there will be a sub folder created for the incoming Syslog files.
Once the GMS/Analyzer IP is configured on the SonicWall unit, the syslog traffic will start to flow on port UDP 514. These files will initially get stored on the hard drive at the path location specified. If the Analyzer on the C drive, then the syslog will initially be stored on C:/GMSVP/syslog
The message will get stored as a .log file.
This file size gets increased and when it reaches a limit of 10000 lines or is opened for more than three minutes, the this file is converted to .SRC and it is set ready for processing.
The format of the file as follows:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.SRC
Once the summarizer process is started, the Reports Summarizer groups the .SRC files and changes the format of the file to .UNP. Still this file remains in the Syslog sub folder.
The format of the file will be as follows:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.UNP
In the process of the summarization, the file format PRG is generated.
The .PRG files are created when the summarizer is grouping the data and preparing it for generating the reports.
After processing the data, the report data or the summary data is uploaded to the Reports Database.
Here the data which is only necessary for the reporting is uploaded.
The formats of the .PRG file is as follows
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.PRG (this file extension exists for a very brief time frame and may not be seen)
If data is uploaded to the Reports Database successfully, the .PRG files are converted to .PRD.
Format: AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.PRD
These are the processed files which are zipped and are moved to the sub folder called archivedSyslogs. The path location of this folder will be [Installed Dir]:/GMSVP/Syslog/ArchivedSyslogs.
At the configured syslogArchiveInterval (config exists in the sgmsConfig.xml), the .PRD files are zipped and remain for more permanent storage in the \archivedSyslog folder.
If there were problems uploading the raw syslog data to the Reports Database, the .PRG files are converted to .PRE. These files are quarantined in the \badSyslogs folder.
Format: AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.PRE
Related Articles
- Can we make changes to a firewall config acquired on NSM directly through the firewall?
- Perform Restart of firewall from NSM.
- Requirement is to push cfs settings from one firewall to a group of Firewalls in NSM.
YES
NO