fjulianom
Advisor

Weird behaviour with SMS logs

Hi community,

 

I have a test SMS I am using in a lab. It is a new SMS, so it has default configuration. When seeing the log section, I can see this:

log1.PNG

The first strange thing I see is the "Log File: Latest Log File" in the log search bar. Normally I don't see this in production SMS. And when I click on this I see the following:

log2.PNG

It seems there are three files, and every file is when I turned off the SMS. Is this normal behaviour? Is there a way to see all the logs the SMS has collected directly without searching in different files?

 

Regards,

Julián

 


Accepted Solutions
Tal_Paz-Fridman
Employee

Hi - What version are you using?

Is Log Indexing enabled?

fjulianom
Advisor

Hi,

This is R81.10. It has default configuration, so if Log Indexing is disabled by default, it is disabled. I saw this in the documentation:

Enabling Log Indexing
Log indexing on the Security Management Server or Log Server reduces the time it takes to run a query on the logs. Log indexing is enabled by default.

In a standalone deployment, log indexing is disabled by default. Enable log indexing only if the standalone server CPU has 4 or more cores.

 

So, a little bit ambiguous. I checked and it was disabled. I have enabled it and now it is working as expected.

 

Thank you very much,

Julián

fjulianom
Advisor

Hi Tal,

 

One more little question about this. I enabled Log Indexing, and the default configuration is like this:

logindex.PNG

If I don't enable "Apply the following logs retention policy", how many days will the indexed logs be kept?

 

Regards,

Julián

Lesley
Leader

This depends on disk size and the setting you configured above it (when to start removing logs).

Note that index logs are quicker to search, but they also take more disk space. Most of the time, if you check for logs, you only go back a couple of hours/days and not weeks. And if you want, it will only be a bit slower.

-------
If you like this post please give a thumbs up(kudo)! 🙂
fjulianom
Advisor

Hi,

 

Reading again, I am a bit confused. If I enable the checkbox and leave the default, when it says "Keep indexed logs for no longer than 14 days", will it mean it will start deleting logs older than 14 days?

 

Regards,

Julián

Lesley
Leader

I don't want to paste the whole story here, but if you press the ? mark in the screenshot you sent, they explain a lot, also with examples. If that is unclear, let us know.

fjulianom
Advisor

Hi,

 

Thanks, it is clearer looking at the examples. Also because the screenshot I pasted can lead you to a misunderstanding. The window that pops up when you press the ? mark has a different wording. The screenshot I pasted says "Keep indexed logs for no longer than 14 days", and the window that pops up says "Delete index files older than <number> Days". The first insinuates to delete logs, the second insinuates to delete index files, which is not the same.

 

Regards,

Julián
