I have server with SFOS v19, I am confused about log viewer. I think that it always show only logs in 10 minutes window.
I tried to change time filter (all records ,last 4 hours, 60 minutes, etc.) but it doesn't work .
I can only view firewall logs for last 10 minutes, what If I want to view firewall module logs three days or month ago, is this possible ?
or I can view them from another place like reports tab.
can anyone explain the limits of log viewer.
thanks a lot
So the current behavior of Logviewer shows you the recent Logs. You can scroll down and this will show you more until the logviewer will rotate.
There was a bug in the old EAP version, which broke this behavior. This means, there was only a specific time frame. But it should be fixed.
If you go to a rarely used module, are you sure about the data contained?
Scrolling is working, for example firewall logs I can scroll down [it disabled live show] and I can view many pages but within 10 minutes.
But admin or system events it always show last events within certain time.
for example: I accesses log viewer at 11:05, it show logs from 11:05 to 10:46 , all modules.
even I view (standard or details view) same logs are viewed.
As I guessed before server with V18 to v19 upgrade no problems, But New installation with (SW-19.0.0_GA-317.iso) have these problems.
Just to double check: If you generate a entry in IPS for example, does this entry disappear after this time window?
This would generally mean, you are affected by this issue. Can you create a Support Case?
Yes, I tested log viewer for all logs again so the last conclusion is : (all logs for all modules are within fixed window (20 minutes) for all kinds of logs, and any entry disappear after this window. and even if I change time filter nothing changes, still fixed 20 minutes window.)
I will wait for the next upgrade to fix the problem if there is no solution.
Fresh installation with SW-19.0.0_GA-317.iso
If you have a valid Support license, I would recommend you to open a case with support so the case can get to GES and DEV, for them to be able to acknowledge the issue and work on a fix for your device, I haven't seen this error reported, so chances are the next upgrade might not fix this.
You should share with support the output of
csc custom status
ls -lh /var/eventlogs
first, could I open a support ticket for trial license ?
As I said this is a testing server with trial license to evaluate v19 , But I reformatted the server with (SW-18.5.4_MR-4-418.iso) then I applied the upgrade (SW-19.0.0_GA.SFW-317.sig) and restore backup , and the log viewer works fine and show all logs as usual.
so my theory , there is problem in (SW-19.0.0_GA-317.iso).
A new old problem returned, when I formatted Server with SW-18.5.4_MR-4-418.iso (default configuration) and register it with trial license , and tried to upgrade to v19 using (SW-19.0.0_GA.SFW-317.sig) it shows message after upload file , on reboot (default configuration will be applied ?????) and on reboot same old issue appeared, failed to migrate configuration and default will be applied.
even report settings are default (Retain SSL/TLS inspection logs of the past is 1 month)
thanks a lot
V18.5 MR4 to V19.0 GA is not supported. You need to wait for V19.0 MR1.
I'm confused , is it safe to use v19 GA for production server ? , or I should use v18.5 MR4 and wait for v19 MR1.
my last Backup configuration was on v19, what should I do to restore it on v18.5, it will not be valid ??
or there is a way to do this.
You can use V19.0 GA. You cannot restore a V19.0 Backup on a V18.5 Release.