Open topic with navigation

Retrieve Logs

Logger records some audits and debugs information. These system logs (not be confused with the event logs) can provide detailed information when an incident occurs.

Customer support may ask you to retrieve logs as part of an incident investigation. If so, follow the steps below and provide the resulting .zip file to customer support.

When retrieving logs, you have the option to sanitize the log files by obfuscating the IP addresses, hostnames, and email addresses. However, sanitizing adds extra time to log retrieval. Each sanitized IP address, hostname, and email address is replaced by the symbols xxx.xxx.xxx.xxx (for IP addresses), sanitized@email (for emails) and sanitized.host.name (for hostnames).

To retrieve Logger system logs:

1. Open the Configuration > Advanced menu and then click Retrieve Logs.
2. Select the Log Retrieval options to use when creating the Log file.
• If you select Do not sanitize logs (fastest), then all IP addresses, hostnames and email addresses will be kept in the log file.
• If you select Remove IP addresses, all IP addresses in the log will be obfuscated. You cannot specify individual IP addresses.

• If you select Remove IP addresses, hostnames, email addresses, session IDs, and passwords (slowest), the password string will be obfuscated .You must specify the suffixes of the hostnames and email addresses in the text box.

  Separate multiple suffixes with comma, space, or line-break. For example, to obfuscate all hostnames and email addresses that end with microfocus.com and gmail.com, you could specify the following:

  microfocus.com, gmail.com

  All IP addresses, hostnames, and email addresses with the specified suffixes will obfuscate. Individual email addresses like name@microfocus.com can no longer be specified, and their suffixes ignored.

  For security purposes, the information from sessions table is excluded in this report. In that same regard, passwords will be hashed when rendering report that includes .dat and .SQL files.

3. Click Retrieve Logs. The page will display a progress bar while the logs are being retrieved.
4. When the collection is complete, the system log files have been compressed into a single zip file. A link to this file is displayed on the Log Retrieval page. Click the link to download the file.

Collecting Logger deployment environment information

Collecting Logger deployment environment information compiles the basic details in one single file allowing a more direct interaction with the Support Team. The retrieve package will usually be available (but can vary based on Logger type) at [LOGGER_HOME] /tmp. The include deployment info/stats box (checked by default) includes a json file attachment in the logs.zip. To get only the json file, click Download Environment info button.

loggerdeploymentinformation.json contains the following information:

• current time
• Logger information : installation type (SW/Appliance), Product version, Model, ESP.
• OS information
• Processor information
• Memory information
• Average EPS, current EPS
• Receivers
• Forwarders
• Peers
• Alerts
• Storage Group
• Storage volume
• Failed Archive