Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Garrett_DirSec
Advisor

R8x Log View and operational considerations

Hello --  customer recently upgraded to R81 (with "GA" jumbo release).

They had a few questions about Log File management and operational considerations.

They are used to R77x era concepts of log file rotation and having to open log files for the specific period they want to investigate.

Their R8x SmartCenter has daily log rotation policy in place.   

They are asking "how to I open log file(s) from last week?".

I was looking for easy and concise documentation that explains all this.

The R81 Logging Admin guide (below) is a cumbersome merge of three topics (individual logs, SmartEvent, and Monitoring).

In addition, the documentation doesn't spell out anything about how to manage and/or access rotated logs.  There is mention of re-indexing old logs for SmartEvent but this bad assumption for all customers and doesn't apply to individual log files at Log SERVER.

Any SK references (or other documentation) that I can forward would be appreciated.  

R81 Logging and Monitoring Admin Guide URL

thanks -GA

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

Prior to R80, log rotation happened automatically at 2GB.
Now it happens at 2GB and daily at midnight by default.
And no, you cannot disable the “daily at midnight” log rotation.

You can open an individual log file, which is necessary when indexing is disabled.
This can be accessed from the hamburger menu > File > Open Log File.
You can open a single log file at a time.

Indexing can be done for logs a certain number of days back.
Don't believe there’s a way to index a specific log file.

Garrett_DirSec
Advisor

Hello and thanks for msgs.   much appreciated. 

The issue was how to open previous log files.  this was the help " hamburger menu " from @PhoneBoy .    

While I have opinion whether that's intuitive and/or usable, it is what it is. 

The retention policy and associated settings are well understood.

sincere thanks for all.

0 Kudos
G_W_Albrecht
Legend
Legend

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events