So this was frustrating to figure out because I never really get any guidance from support on how to do this. I think they are assuming everyone simply uses PuTTY for Windows or some other Linux client and everyone must know how to capture logs to a file, it's easy right? OK well yeah it is, but here's the guide for people who don't know how now and still need to learn. If you want to grab a log, use PuTTY. I prefer the Bitvise SSH Client, but they don't have the same logging capabilities as PuTTY.
When you first run PuTTY, you get a window where you can type your host and connect. But there's also a Logging area under Session you can configure to save the output of the entire session into a log file:
OK so click there and make the following changes:
I use "All session output" and you also have to change the location of the default log file name, or it defaults to the program location where no one has default write access (unless you run PuTTY as Admin). So my Log file name is: C:\Users\chris\Documents\Putty logs\&H-&Y-&M-&D-&T.log There's a legend for what those & global variables translate to.
You're going to log in as admin. If you want to paste your password in you can; just hit the right mouse button somewhere in the terminal screen if it's in the clipboard.
Let's say you need to grab your awarrenmta.log file from the /log folder. To do this you're going to need to enter the Advanced Shell. Select #5 Device Management, then #3 Advanced Shell. Be very careful in this area; if you do the wrong thing you could ruin your device and void your warranty. However, digging through a log is something they make us do rather frequently at my shop.
So your advanced shell looks like this:
You're going to type the following commands:
cd /log
cat awarrenmta.log
cat awarrenmta.log.0
awarrenmta.log.0 goes back further than awarrenmta.log, but picks up where awarrenmta.log drops off. When the system brings you back to the bash prompt, type exit, then hit 0 twice to leave the console. This will close PuTTY and you'll have a nice large .log file to zip up and email to Sophos support.
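As an added example (not part of the original post or anything from Sophos): a small Python script that pulls the output of each `cat` out of a PuTTY "All session output" log and stitches the rotated file in front of the live one, so the captured session turns into one readable log. The `XG#` prompt form and the sample log lines are constructed assumptions.

```python
import re
from typing import Dict, List

# Assumed prompt shape for the advanced shell: "<something># <command>"
PROMPT_RE = re.compile(r"^\S*#\s*(.*)$")
PUTTY_HEADER = "=~=~"  # PuTTY writes a "=~=~=~... PuTTY log <date> ...=~=~" header line

# Constructed sample of what the captured session could look like
SESSION = """=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2024.01.01 10:00:00 =~=~=~=~=~=~=~=~=~=~=~=
XG# cd /log
XG# cat awarrenmta.log.0
2024-01-01 09:00:01 mta: queue started
2024-01-01 09:05:12 mta: message accepted id=A1
XG# cat awarrenmta.log
2024-01-01 09:05:12 mta: message accepted id=A1
2024-01-01 09:07:40 mta: message delivered id=A1
XG# exit
"""

def extract_cat_outputs(session_text: str) -> Dict[str, List[str]]:
    """Map each file name given to `cat` to the lines printed after it, until the next prompt."""
    outputs: Dict[str, List[str]] = {}
    current = None
    for raw in session_text.splitlines():
        line = raw.rstrip("\r")
        if line.startswith(PUTTY_HEADER):
            continue
        m = PROMPT_RE.match(line)
        if m:
            parts = m.group(1).strip().split()
            # only "cat <file>" starts a capture; any other command ends the current one
            current = parts[1] if len(parts) == 2 and parts[0] == "cat" else None
            if current is not None:
                outputs.setdefault(current, [])
            continue
        if current is not None and line:
            outputs[current].append(line)
    return outputs

def merge_rotated(outputs: Dict[str, List[str]], base: str = "awarrenmta.log") -> List[str]:
    """Older rotated file first, then the live file; a line run shared at the seam is kept once."""
    older, newer = outputs.get(base + ".0", []), outputs.get(base, [])
    overlap = 0
    for k in range(min(len(older), len(newer)), 0, -1):
        if older[-k:] == newer[:k]:
            overlap = k
            break
    return older + newer[overlap:]
```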
The other way could be to run a portable FTP server on your notebook and use ftpput on the XG's Advanced Shell.
Using this method you don't need to wait for cat to display lots of log lines.
See this article for reference.
In reply to lna:
Right, thanks Lukas! Any way that can be automated? On UTM9 I could setup multiple log shipping options and then I'd planned to someday submit that to something like splunk to generate alerts for me. However, I don't see that option in the XG interface. I can work out how I might do that with some linux scripting, but I was hoping for an easier-to-manage UI element for my less Linux familiar support staff.
In reply to Chris Shipley:
I think Splunk is syslog-aware.
Configure --> system services --> Log Settings --> syslog-servers [Add]