cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Not able see the old logs (Without Log Indexing)

Jump to solution

Dear Team,

Test on my Lab environment. 

OS: R80.20 


So is it working as is it ????

or is there any way we able to filter logs without enabling Log Indexing.

NOTE: On one of the customer environment also even Log Indexing is enabled we unable to see the yesterday logs or past logs when we filter the logs we see only Today Logs.

--> Even custom filter also not showing proper result its showing logs but one-day past logs (Like If I am select December 10 then It's showing 9 December logs ) 

 

#Chinmaya Naik

Labels (1)
1 Solution

Accepted Solutions

Re: Not able see the old logs (Without Log Indexing)

Jump to solution

Hi Chinmaya,

It is true if we will disable the log indexing it stops correlating the logs and will behave as smart view tracker in R77.30.

Also the difference you are seeing in logs (i.e 1 day back logs as per filter) is due to the bug as I have faced this issue in R80.10 where timing were pulled back to 3-4 hours. CP has provided the custom fix for that as it depends upon the customer/ lab environment.

NOTE: On one of the customer environment also even Log Indexing is enabled we unable to see the yesterday logs or past logs when we filter the logs we see only Today Logs.

1. Could  you please let me know when you have enabled the log indexing? Is this the case you have enabled this today and you are expecting console will show you earlier/yesterday logs as well.

2. Have you removed any file relevant to logs? 

8 Replies

Re: Not able see the old logs (with out Log Indexing)

Jump to solution

Hi Chinmaya,

This is the usual behavior for Logs & Monitor View.

When you don't have Log Indexing enabled; this view works by letting you open the log files present on $FWDIR/log in a similar way as SmartView Tracker works.

Once you enable Log Indexing; all the log files are indexed and your request shows to you the indexed results from all your log files instead the log itself.

For your foot note:

NOTE: On one of the customer environment also even Log Indexing is enabled we unable to see the yesterday logs or past logs when we filter the logs we see only Today Logs.

The most probable cause is that SmartLog only indexed the current fw.log file and nothing from x days on the past. There is plenty information about this like R80.x SmartLog/SmartEvent server doesn't index/show logs older than 1-14 days back , just look at Secure Knowledge Smiley Happy


Regards.

Re: Not able see the old logs (with out Log Indexing)

Jump to solution

Ok thanks  Kenny Manrique Smiley Happy 

 But what about below point.

--> Even custom filter also not showing proper result its showing logs but one-day past logs (Like If I am select December 10 then It's showing 9 December logs ) 

Can I disable and enable the Log Indexing and check the output or else need to reboot the MGMT server ??

Because we able to see the old logs using custom filter  like 14 day back that is fine BUT why it’s showing one day back logs  as I mention on above .

Thank you

#Chinmaya Naik

0 Kudos
Admin
Admin

Re: Not able see the old logs (with out Log Indexing)

Jump to solution

When logs are not indexed, the log viewer can only work with one log file at a time.

By default this is the current one, which will cover only the current day (starting at midnight).

Logs are rotated daily at midnight.

To search older logs in this case, the relevant log file must be opened manually.

Is there a specific reason log indexing is disabled?

We generally recommend it to be enabled.

0 Kudos

Re: Not able see the old logs (with out Log Indexing)

Jump to solution

Ok Thank you Sir Smiley Happy

But if I am going to enable the Log Indexing also we not able to filter the yesterday logs, as on my LAB environment its working fine but on customer environment we unable to see the yesterday logs.

0 Kudos

Re: Not able see the old logs (Without Log Indexing)

Jump to solution

Hi Chinmaya,

It is true if we will disable the log indexing it stops correlating the logs and will behave as smart view tracker in R77.30.

Also the difference you are seeing in logs (i.e 1 day back logs as per filter) is due to the bug as I have faced this issue in R80.10 where timing were pulled back to 3-4 hours. CP has provided the custom fix for that as it depends upon the customer/ lab environment.

NOTE: On one of the customer environment also even Log Indexing is enabled we unable to see the yesterday logs or past logs when we filter the logs we see only Today Logs.

1. Could  you please let me know when you have enabled the log indexing? Is this the case you have enabled this today and you are expecting console will show you earlier/yesterday logs as well.

2. Have you removed any file relevant to logs? 

Re: Not able see the old logs (Without Log Indexing)

Jump to solution

Dear Manoj,

Thanks for the update.

Requesting you If possible can you please share me the custom hotfix so I can check on my LAB. (For Testing)

As per your question 1. Could you please let me know when you have enabled the log indexing? Is this the case you have enabled this today and you are expecting console will show you earlier/yesterday logs as well.

Ans: It's a live environment and log indexing is already enabled and still face an issue. 

 

2. Have you removed any file relevant to logs? 

Ans: No

CHINMAYA NAIK

0 Kudos

Re: Not able see the old logs (Without Log Indexing)

Jump to solution

Unfortunately I do not have custom hotfix and also that is specific to customer and for R80.10, above take_112

Did you stop/start the services of cma and logger? If no you can test this and check the status.

Thanks,

0 Kudos

Re: Not able see the old logs (Without Log Indexing)

Jump to solution

Ok, ManojSmiley Happy

We have also the same setup and we plane to restart the services.

Thanks 

0 Kudos