This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
George_Ellis
Advisor
‎2025-01-29 07:16 AM

Sanity Check - Maestro connected appliances only update one /var/log

Good day,

I searched and either it is not covered or my search sucked.  I assume this is an "everybody knows that", but it is new to me.

I was chasing an issue with a potential false positive SNMP report to our collector.  What is not important.  I inspected /var/log/messages in Appliance 1 (from Orchestator "m 1 1").  When I went to appliance 2 and 3 ("m 1 2" and "m 1 3"), none of the files in /var/log were recent (2+ years old).  Made me go "Huh?"  It made some sense if you wanted to have 1 point to investigate.  But considering dmesg also was ancient history, I started wondering.

Are the logs really consolidated on appliance 1, or they are somewhere else and I am missing it?

0 Kudos
3 Replies
Dario_Perez
Employee Employee
Employee
‎2025-01-29 08:48 AM

there are some possibilities.

  1. Appliance came with maestro version and only were added to SG without change the clock. 
  2. NTP was unreachable and set to SGM to old date and recovery at some point. 

keep in mind that could be cosmetic

0 Kudos
George_Ellis
Advisor
‎2025-01-29 10:30 AM
In response to Dario_Perez

Sorry, that is not the issue.  That would have been easy.  Time Date are correct, and there are some other files that are current like smart.log.dbg for example.

 

0 Kudos
Lloyd_Braun
Advisor
‎2025-01-29 11:37 AM
In response to George_Ellis

The logs are not consolidated on 1 device. You can use "asg log" command to query some logs across all cluster members. Viewing a Log File (asg log) You will probably see more current logs in your $FWDIR/log/* directories. My /var/log has some that haven't updated since last reboot, some since before that. There are a few with current timestamps in there though.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events