Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4901
Views
0
Helpful
4
Replies

Viewing logs in Centralized Management

Go to solution
quentinperceval
Level 1
Level 1

‎11-08-2013 01:44 AM

Hi Everybody,

Before enabling Centralized Management on my ESAs (C370 with AsyncOS 7.6.3), I used to check problem issues by viewing the logs in the "Log Subscription page" of the gui. On this page, there was a very nice column called "Log Files", with direct HTTPS access to the logs.

But after enabling Centralized Management, this column just disappear...

Url are still valid (like for anti-spam logs :

https://@IP/system_administration/log_list?CSRFKey=3f8c9d04-40ce-4b95-a781-b41cb6261e00&log_type=antispam), but there is no more link to access it.

Any idea to restore these links, or access logs via HTTPS ?

Thank you for your help.

Best Regards

Quentin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Robert Sherwin
Cisco Employee
Cisco Employee

‎11-08-2013 07:17 AM

Quentin -

Log files for cluster are not stored at machine level – and therefore are not going to be available.  The only retrieval methods are FTP, SCP push, syslog push.

Usually on the System Administration - Log Subscription page there are the following columns:

- Configured Log Subscriptions

- Type

- Log Files

- All, Rollover

- Delete

As soon as a cluster is created the Log Files column containing the ftp links doesn't appear anymore, which is normal behavior.

#########################

Per the Configuration Guide:

Manually Download

This method lets you access log files at any time by clicking a link to the log directory on the Log Subscriptions page, then clicking the log file to access. Depending on your browser, you can view the file in a browser window, or open or save it as a text file. This method uses the HTTP(S) protocol and is the default retrieval method.

Note: Using this method, you cannot retrieve logs for any computer in a cluster, regardless of level (machine, group, or cluster), even if you specify this method in the CLI.

...

Per the Advanced Guide:

Q. Are log files aggregated within centrally managed machines?

A. No. Log files are still retained for each individual machines. The Security Management appliance can be used to aggregate mail logs from multiple machines for the purposes of tracking and reporting.

Hope that helps!

-Robert

Cheers,
Robert Sherwin

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Robert Sherwin
Cisco Employee
Cisco Employee

‎11-08-2013 07:17 AM

Quentin -

Log files for cluster are not stored at machine level – and therefore are not going to be available.  The only retrieval methods are FTP, SCP push, syslog push.

Usually on the System Administration - Log Subscription page there are the following columns:

- Configured Log Subscriptions

- Type

- Log Files

- All, Rollover

- Delete

As soon as a cluster is created the Log Files column containing the ftp links doesn't appear anymore, which is normal behavior.

#########################

Per the Configuration Guide:

Manually Download

This method lets you access log files at any time by clicking a link to the log directory on the Log Subscriptions page, then clicking the log file to access. Depending on your browser, you can view the file in a browser window, or open or save it as a text file. This method uses the HTTP(S) protocol and is the default retrieval method.

Note: Using this method, you cannot retrieve logs for any computer in a cluster, regardless of level (machine, group, or cluster), even if you specify this method in the CLI.

...

Per the Advanced Guide:

Q. Are log files aggregated within centrally managed machines?

A. No. Log files are still retained for each individual machines. The Security Management appliance can be used to aggregate mail logs from multiple machines for the purposes of tracking and reporting.

Hope that helps!

-Robert

Cheers,
Robert Sherwin
0 Helpful

Go to solution
quentinperceval
Level 1
Level 1
In response to Robert Sherwin

‎11-08-2013 08:15 AM

It's not the answer that I expected, but this is the answer ^^

Thank you for your help !

0 Helpful

Go to solution
ravi saini
Level 1
Level 1
In response to quentinperceval

‎11-08-2013 02:38 PM

hi

i just wondered you have applied centralized management and you still seraching logs on ESA .

go on sma devices and check log over there.

0 Helpful

Go to solution
quentinperceval
Level 1
Level 1
In response to ravi saini

‎11-12-2013 01:03 AM

Hi,

I don't understand your point : I use my SMA to centralized Reporting and Tracking, so I can find there my mail_logs, but why my antispam, antivirus, authentication, etc. logs would be there ?

Thank you fo your answer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents