Sergei_M
Explorer

Log Exporter Reexport

For the purpose of restoring logs after accidents, we tried the command cp_log_export reexport. In practice, the logs were exported for the period of the last 4 hours, which did not suit us. Is there a way to export the logs for a longer period? How can it be done?

0 Kudos
6 Replies
Sergei_M
Explorer

Checked the Log reexport function on the test stand. Logs were exported for the entire period (2 weeks). Is there a restriction in the LogExport utility on the volume of exported logs? If so, how can this restriction be removed or the volume of exported logs increased?

0 Kudos
Sergei_M
Explorer

There is a parameter in the source section of the XML configuration file for reading logs from N days back, with a default value of 1:

<!-- Source section defines the properties of the input stream that will be exported -->
  <source>
    <log_files>1</log_files><!-- on-line[default] | read logs from [number] days back (recommended) | specific file name -->

If I change this value to any other, Log Exporter cleans old logs on the SMS log server!

Does anybody know if there is any documentation on how to set this period for Log Exporter?
As I understand it, Log Exporter reads all available logs and puts them on the log server. Are there restrictions on the quantity of logs from Log Exporter?

0 Kudos
Sergei_M
Explorer

Yesterday I thought that I had learned the Zen, since reexport, without description in the documentation, was forced to work. Today the Zen laughed at me and gave me the next surprises. Now in more detail.

Working with cp_log_export yesterday, I determined that with the cp_log_export process started, the reexport function just did not work: the logs were not transferred to the external Kiwi syslog server, though they were displayed in the SmartLog console. I found a solution. It turned out that if you stop the process with the cp_log_export stop command and then execute cp_log_export reexport, the logs go for the entire period. But that was yesterday! Today I decided to confirm the experience, but the attempt to unload the logs with the cp_log_export process running, which did not work yesterday, worked perfectly today. True, new ghost effects were added: the logs in the log unloaded from the SMS server went by dates alternately. That is, not in increasing order, but separately by day: 20, 19, 17, 19, 17, 19 and so on. The same situation occurs with log reexports if the log_export process was first stopped and then reexport executed.

Has anybody met this problem?
Can the developers give a detailed answer on what state the reexport function must be started in and how to adjust log export for N days?

0 Kudos
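An added example, not part of the original posts and not Check Point code: a Python check to run over the file the syslog server received after a reexport. It reports which days are missing from the exported period and which days arrive in more than one separate run, the alternating pattern described in the post above. The sample lines and the ISO 8601 timestamp format are constructed assumptions; adjust the regular expression to the format your receiver actually stores.

```python
import re
from datetime import date, timedelta

# Assumption: every received line carries an ISO 8601 timestamp.
TS = re.compile(r"(\d{4})-(\d{2})-(\d{2})T\d{2}:\d{2}:\d{2}")

# Constructed sample lines, not real Log Exporter output.
SAMPLE = """\
<134>1 2018-03-20T09:15:02Z sms CheckPoint - - - action="Accept"
<134>1 2018-03-20T09:15:07Z sms CheckPoint - - - action="Drop"
<134>1 2018-03-19T23:01:44Z sms CheckPoint - - - action="Accept"
<134>1 2018-03-17T04:12:30Z sms CheckPoint - - - action="Accept"
<134>1 2018-03-19T23:02:10Z sms CheckPoint - - - action="Drop"
<134>1 2018-03-17T04:13:00Z sms CheckPoint - - - action="Accept"
""".splitlines()

def day_runs(lines):
    """Collapse the stream into [day, count] runs of consecutive same-day lines."""
    runs = []
    for line in lines:
        m = TS.search(line)
        if not m:
            continue  # ignore lines without a parsable timestamp
        d = date(*map(int, m.groups()))
        if runs and runs[-1][0] == d:
            runs[-1][1] += 1
        else:
            runs.append([d, 1])
    return runs

def audit(lines):
    """Return run count, days absent from the covered span, and interleaved days."""
    days = [d for d, _ in day_runs(lines)]
    if not days:
        return {"runs": 0, "missing": [], "interleaved": []}
    first, last, seen = min(days), max(days), set(days)
    span = range((last - first).days + 1)
    missing = [first + timedelta(i) for i in span if first + timedelta(i) not in seen]
    # A day that starts more than one run was split up by other days' records.
    interleaved = sorted(d for d in seen if days.count(d) > 1)
    return {"runs": len(days),
            "missing": [d.isoformat() for d in missing],
            "interleaved": [d.isoformat() for d in interleaved]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A clean reexport of a contiguous period should show one run per day, with empty `missing` and `interleaved` lists.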
J_S_2023
Explorer

Hi Sergei,

Were you able to execute the reexport smoothly and also for N days?

0 Kudos
PhoneBoy
Admin

Hi, what version are we talking about here?
It sounds like you have multiple cp_log_export going to the same server, which might explain why you're seeing alternating logs.
You should only have one for Security Logs per syslog server.
0 Kudos
Sergei_M
Explorer

Hi, I have a quite simple test zone: 1 NGFW 77.30, 1 SMS 77.30 and 1 Win2008 server with SmartDashboard and Kiwi Syslog Server. Log Exporter is installed only on the SMS server. So there is only 1 cp_log_export going to the server.

0 Kudos
