Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
e7463ccf-f88c-4
Explorer

Audit logs are not reported

Jump to solution

I have an SMS R80.40 that stopped receiving audit logs. No changes were made or anything like that.
One day he was reporting and the next he stopped. It is as if the daily audit log files were not generated.

There is disk space, normal logs appear.

Any ideas?

Thanks in advance.

 

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

I guess you could try to rotate the audit log file yourself, but generally it is not a good idea to try to manually tamper with live log files such as fw.log and fw.adtlog as I've seen strange things happen with indexing if you do.  Probably need to have TAC look at it.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
6 Replies
Timothy_Hall
Champion
Champion

I've seen a corrupt audit log cause this.  Since fw repairlog can't be used for audit logs, try rotating the audit log file with fw logswitch -audit.  You can then try merging them back together with fw mergefiles.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
e7463ccf-f88c-4
Explorer

Hi Timothy,

Thank you for your response. I tried but I received " Log switch failed" error. 

[Expert@XXXXXX]# fw logswitch -audit
Log switch failed

Regards,

David

 

0 Kudos
e7463ccf-f88c-4
Explorer

Hi guys,

Any idea please?

The logswitch fails with audit logs. It works normal logs.

Thanks in advance,

0 Kudos
Timothy_Hall
Champion
Champion

I guess you could try to rotate the audit log file yourself, but generally it is not a good idea to try to manually tamper with live log files such as fw.log and fw.adtlog as I've seen strange things happen with indexing if you do.  Probably need to have TAC look at it.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

0 Kudos
e7463ccf-f88c-4
Explorer

Hi Timothy,

Thank you! 

I am going to open a TAC in order to review.

Regards,

0 Kudos
Timothy_Hall
Champion
Champion

Great, let us know what you find out.

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos