Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dominic
Participant
Participant

Log File (fw.log)

Hi team, 

I want to import the log file (fw.log) back to my database because I am forced  to generate a report for the previous month. 

Note; the existing active log file) (fw.log) only has the recent events alone.

Kindly advice.

0 Kudos
9 Replies
Dror_Aharony
Employee Alumnus
Employee Alumnus

Not sure I follow.

Which version are you using?

Do you want to re-Index the fw.log into the SmartEvent? or do you mean all log-files from the past month?

Do you need the correlated events as well? which report?

Please describe the scenario again.

0 Kudos
Dominic
Participant
Participant

Please note that I'm not trying to achieve anything to do with smart event and re-indexing at the moment.
Is it possible to import the log file (fw.log) through WinSCP or via smart view tracker back to log server. In either way without any effect on the active log file, what will be the right approach and guideline?
0 Kudos
Pedro_Espindola
Advisor

You can rename it and copy it back to $FWDIR/log/ in your log server.

Then you can open it with SmartView Tracker (R77) or using the open file option in SmartConsole (R80+).

If you have problems you can try to repair it following the procedure from sk98929 with te command:

fw repairlog -u  <Name_of_Log_File>.log

 Now, if you need to create a report with data from this file, then additional indexing steps will be needed.

0 Kudos
Dominic
Participant
Participant

What will happen with the existing active log file (fw.log)...?

Then note that, I am currently on Gaia R80.10 HA, so should I use smart view tracker or import via WinSCP ...?
0 Kudos
Pedro_Espindola
Advisor

First you have to copy the file to $FWDIR/log/ with WinSCP and then you can open it with SmartConsole or SmartView Tracker.

Rename it first so you won't overwrite the current fw.log.

0 Kudos
Dominic
Participant
Participant

Hi Pedro,
I did rename it then imported to$FWDIR/log through WinSCP . Funny enough I couldn't view the logs even though it was existing on the console. What I would wish to understand ; should the import happen through the smart view tracker or through WinSCP?
0 Kudos
PhoneBoy
Admin
Admin

You have to use WinSCP to copy the file to the platform before you can use any other tool to read the log file.
0 Kudos
Dror_Aharony
Employee Alumnus
Employee Alumnus

Pedro is absolutely correct, but it's safer to close/switch the fw.log (active log-file) 1st, unless that somehow troubles you?

that is done automatically when it reaches the max size of 2GB or daily (>=R80) or GUI configured.

so run this:

fw logswitch <chosen_name>

# if you don't name, then it names it by default as the current date/time (2020-04-26_091200.log).

Copy (all <name>.log*), via scp/winscp or any other way. Put in $FWDIR/log/ & open it via Tracker/Open Log-File.

If you've already renamed it, then best run the fw repairlog <new-name.log> & verify it succeeds, then copy all <name>.log* files.

 

 

0 Kudos
Pedro_Espindola
Advisor

You can only open the file with SmartLog or SmartView Tracker after the file is in $FWDIR/log/. When you select the open log file option it will give you a list of log files in $FWDIR/log/. Just select the correct one.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events