Various GMS Syslog file formats during Summarization
03/26/2020 
1087 
12033
DESCRIPTION:
SGMS: Various Syslog file formats during Summarization
RESOLUTION:
This article helps us to understand the various file formats that the Syslog are converted in the process of the Summarization.
During the process of installation of GMS/Analyzer, a folder called GMSVP is created on the installed drive. In that GMSVP folder there will be a sub folder created for the incoming Syslog files.
Once the GMS/Analyzer IP is configured on the SonicWall unit, the syslog traffic will start to flow on port UDP 514. These files will initially get stored on the hard drive at the path location specified. If the Analyzer on the C drive, then the syslog will initially be stored on C:/GMSVP/syslog
The message will get stored as a .log file.
This file size gets increased and when it reaches a limit of 10000 lines or is opened for more than three minutes, the this file is converted to .SRC and it is set ready for processing.
The format of the file as follows:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.SRC
Once the summarizer process is started, the Reports Summarizer groups the .SRC files and changes the format of the file to .UNP. Still this file remains in the Syslog sub folder.
The format of the file will be as follows:
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.UNP
In the process of the summarization, the file format PRG is generated.
The .PRG files are created when the summarizer is grouping the data and preparing it for generating the reports.
After processing the data, the report data or the summary data is uploaded to the Reports Database.
Here the data which is only necessary for the reporting is uploaded.
The formats of the .PRG file is as follows
AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.PRG (this file extension exists for a very brief time frame and may not be seen)
If data is uploaded to the Reports Database successfully, the .PRG files are converted to .PRD.
Format: AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.PRD
These are the processed files which are zipped and are moved to the sub folder called archivedSyslogs. The path location of this folder will be [Installed Dir]:/GMSVP/Syslog/ArchivedSyslogs.
At the configured syslogArchiveInterval (config exists in the sgmsConfig.xml), the .PRD files are zipped and remain for more permanent storage in the \archivedSyslog folder.
If there were problems uploading the raw syslog data to the Reports Database, the .PRG files are converted to .PRE. These files are quarantined in the \badSyslogs folder.
Format: AgentID_YYYYMMDD_HHMMSS_to_YYYYMMDD_HHMMSS.PRE
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
