So a quick way to know that your disk logging is actually working is to query the disk via the hidden fnsysctl ls command.
1:
The files are stored under /var/log/root/ with names containing "log"
e.g. ( traffic logs )
2: now the format of this directory structure is simple
The tlog.time-index file provides indexing information for the traffic log.
The tlog and tlog.oldest entries are Unix symbolic links to the real log files:
tlog.oldest will always match the oldest logfile
tlog will always match the newest file, i.e. the current log file
fnsysctl cat /var/log/root/tlog will display the current traffic log and confirm that disk logging is writing.
critical log files to be aware of
elog == system events ( VPN auth, system auth, link monitors, etc.... )
tlog == traffic log ( firewall policy traffic status )
3: You can copy the log files off the unit to a USB-mounted device; you will need super_admin access to do this.
4: Finally, you can roll the logs via the execute log command:
execute log roll
5: to determine if the logs did roll, and which logs, set a display filter ( category 1 = event log ) and execute the cli cmds:
execute log filter reset
execute log filter cat 1
execute log filter field logdesc "Disk log rolled"
execute log display
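As an added example (not part of this post and not a Fortinet tool), here is a small Python checker that applies the checks from steps 1 through 5 to captured CLI output: it parses a saved `fnsysctl ls -l /var/log/root/` listing, confirms that tlog/elog point at the newest file and tlog.oldest/elog.oldest at the oldest one, and pulls the "Disk log rolled" events out of saved `execute log display` output. It assumes the listing is busybox-style `ls -l` (symlinks shown as `name -> target`) and that the number in a file name like tlog.<epoch>.log is the epoch second the file was opened; the sample listing and log lines are constructed, not captured from a firewall. The second listing shows the failure mode the checker is for: a tlog symlink left on an older file while a newer file exists.

```python
"""Sanity-check FortiGate disk logging from captured CLI output.

Added example for this post; it is not the author's code and not a Fortinet
tool.  It assumes `fnsysctl ls -l /var/log/root/` prints busybox-style
`ls -l` lines (symlinks as `name -> target`) and that the number in a log
file name, e.g. tlog.<epoch>.log, is the epoch second the file was opened.
All sample output below is constructed, not captured from a firewall.
"""
import re

LOG_FILE_RE = re.compile(r"^(?P<prefix>[a-z]+)\.(?P<epoch>\d+)\.log$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

# Constructed `fnsysctl ls -l /var/log/root/` output on a healthy unit.
LS_HEALTHY = """\
-rw-r--r--    1 0        0          1048576 Nov  6 09:10 tlog.1573030000.log
-rw-r--r--    1 0        0          1048576 Nov  6 09:40 tlog.1573034000.log
-rw-r--r--    1 0        0            20480 Nov  6 10:05 tlog.1573038000.log
-rw-r--r--    1 0        0             4096 Nov  6 10:05 tlog.time-index
lrwxrwxrwx    1 0        0               19 Nov  6 10:05 tlog -> tlog.1573038000.log
lrwxrwxrwx    1 0        0               19 Nov  6 09:10 tlog.oldest -> tlog.1573030000.log
-rw-r--r--    1 0        0            81920 Nov  6 10:05 elog.1573030000.log
lrwxrwxrwx    1 0        0               19 Nov  6 10:05 elog -> elog.1573030000.log
lrwxrwxrwx    1 0        0               19 Nov  6 10:05 elog.oldest -> elog.1573030000.log
"""

# Same listing, but the tlog symlink was left behind on an older file.
LS_STALE = LS_HEALTHY.replace("tlog -> tlog.1573038000.log", "tlog -> tlog.1573034000.log")

# Constructed `execute log display` output after
#   execute log filter cat 1
#   execute log filter field logdesc "Disk log rolled"
LOG_DISPLAY = """\
1: date=2019-11-06 time=10:05:12 type="event" subtype="system" level="notice" vd="root" logdesc="Disk log rolled" msg="Disk log rolled" log="tlog"
2: date=2019-11-06 time=10:05:12 type="event" subtype="system" level="notice" vd="root" logdesc="Disk log rolled" msg="Disk log rolled" log="elog"
"""


def parse_ls(text):
    """Map each entry name to its symlink target, or None for a plain file."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or parts[0][0] not in "-ld":
            continue
        if "->" in parts:
            i = parts.index("->")
            entries[parts[i - 1]] = parts[i + 1]
        else:
            entries[parts[-1]] = None
    return entries


def log_files(entries, prefix):
    """Real <prefix>.<epoch>.log files, oldest first (sorted by epoch, not by name)."""
    found = []
    for name, target in entries.items():
        m = LOG_FILE_RE.match(name)
        if m and target is None and m.group("prefix") == prefix:
            found.append((int(m.group("epoch")), name))
    return [name for _, name in sorted(found)]


def check_symlinks(entries, prefix):
    """Confirm <prefix> -> newest file and <prefix>.oldest -> oldest file."""
    files = log_files(entries, prefix)
    if not files:
        return {"files": 0, "newest_ok": False, "oldest_ok": False}
    newest, oldest = files[-1], files[0]
    return {
        "files": len(files),
        "newest": newest,
        "oldest": oldest,
        "newest_ok": entries.get(prefix) == newest,
        "oldest_ok": entries.get(prefix + ".oldest") == oldest,
    }


def disk_logging_problems(ls_text, prefixes=("tlog", "elog")):
    """List what is wrong; an empty list means the on-disk layout looks healthy."""
    entries = parse_ls(ls_text)
    problems = []
    for prefix in prefixes:
        r = check_symlinks(entries, prefix)
        if r["files"] == 0:
            problems.append(f"no {prefix}.<epoch>.log files on disk")
            continue
        if not r["newest_ok"]:
            problems.append(f"{prefix} -> {entries.get(prefix)} but newest file is {r['newest']}")
        if not r["oldest_ok"]:
            problems.append(f"{prefix}.oldest -> {entries.get(prefix + '.oldest')} but oldest file is {r['oldest']}")
    return problems


def parse_log_lines(text):
    """Split FortiOS key=value log lines into dicts (quoted values allowed)."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^\d+:\s*", "", line.strip())  # drop the "N: " counter
        if line:
            records.append({k: bare or quoted for k, quoted, bare in KV_RE.findall(line)})
    return records


def rolled_logs(display_text):
    """(date, time, log) for each 'Disk log rolled' event in the display output."""
    return [(r["date"], r["time"], r.get("log", "?"))
            for r in parse_log_lines(display_text)
            if r.get("logdesc") == "Disk log rolled"]


if __name__ == "__main__":
    print("healthy:", disk_logging_problems(LS_HEALTHY) or "no problems")
    print("stale:  ", disk_logging_problems(LS_STALE))
    print("rolled: ", rolled_logs(LOG_DISPLAY))
```

Paste the real `fnsysctl ls -l /var/log/root/` listing into LS_HEALTHY and the filtered `execute log display` output into LOG_DISPLAY; if disk_logging_problems() comes back empty and rolled_logs() lists a tlog entry timestamped after your execute log roll, the disk logger is both writing and rotating.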
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \