
SFOS 19.0.0 GA-Build317 : Log Viewer behavior

Hello,

I have a server with SFOS v19 and I am confused about the log viewer. I think that it always shows only logs in a 10-minute window.

I tried to change the time filter (all records, last 4 hours, 60 minutes, etc.) but it doesn't work.

I can only view firewall logs for the last 10 minutes. What if I want to view firewall module logs from three days or a month ago, is this possible?

Or can I view them from another place, like the Reports tab?

Can anyone explain the limits of the log viewer?

Thanks a lot



Edited TAGs
[edited by: Erick Jan at 5:44 AM (GMT -8) on 15 Nov 2022]
  • So the current behavior of the log viewer shows you the recent logs. You can scroll down and this will show you more until the log viewer rotates.

    There was a bug in the old EAP version, which broke this behavior. This means, there was only a specific time frame. But it should be fixed. 

    If you go to a rarely used module, are you sure about the data contained? 


  • Hello,

    Scrolling is working. For example, for firewall logs I can scroll down [it disabled live show] and I can view many pages, but within 10 minutes.

    But for admin or system events it always shows the last events within a certain time.

    For example: I accessed the log viewer at 11:05, and it shows logs from 11:05 to 10:46, all modules.

    Even if I switch the view (standard or details view), the same logs are shown.

    As I guessed before, a server with a V18 to v19 upgrade has no problems, but a new installation with (SW-19.0.0_GA-317.iso) has these problems.

    Thanks

  • Just to double check: If you generate an entry in IPS, for example, does this entry disappear after this time window?

    This would generally mean, you are affected by this issue. Can you create a Support Case? 


  • Hello,

    Yes, I tested the log viewer for all logs again, so the final conclusion is: (all logs for all modules are within a fixed window (20 minutes) for all kinds of logs, and any entry disappears after this window. And even if I change the time filter nothing changes, still a fixed 20-minute window.)

    I will wait for the next upgrade to fix the problem if there is no solution.

    Note:

    Fresh installation with SW-19.0.0_GA-317.iso

    Thanks

  • Hello there,

    If you have a valid Support license, I would recommend that you open a case with support so the case can get to GES and DEV, for them to be able to acknowledge the issue and work on a fix for your device. I haven't seen this error reported, so chances are the next upgrade might not fix this.

    You should share with support the output of

    csc custom status

    garner.log

    reportdb.log

    postgres.log

    ls -lh /var/eventlogs

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello,

    First, could I open a support ticket with a trial license?

    As I said, this is a testing server with a trial license to evaluate v19. But I reformatted the server with (SW-18.5.4_MR-4-418.iso), then I applied the upgrade (SW-19.0.0_GA.SFW-317.sig) and restored the backup, and the log viewer works fine and shows all logs as usual.

    So my theory: there is a problem in (SW-19.0.0_GA-317.iso).

    Note:

    A new old problem returned: when I formatted the server with SW-18.5.4_MR-4-418.iso (default configuration), registered it with a trial license, and tried to upgrade to v19 using (SW-19.0.0_GA.SFW-317.sig), it shows a message after uploading the file, on reboot (default configuration will be applied ?????), and on reboot the same old issue appeared: failed to migrate configuration and default will be applied.

    Even the report settings are default (Retain SSL/TLS inspection logs of the past is 1 month).

    Thanks a lot

  • V18.5 MR4 to V19.0 GA is not supported. You need to wait for V19.0 MR1. 


  • Hello,

    I'm confused: is it safe to use v19 GA for a production server, or should I use v18.5 MR4 and wait for v19 MR1?

    My last backup configuration was on v19. What should I do to restore it on v18.5? It will not be valid??

    Or is there a way to do this?

    Thanks

  • You can use V19.0 GA. You cannot restore a V19.0 Backup on a V18.5 Release. 
