Re: WSA S170 - any way to view old logs in the reporting GUI?

NetworkResponsible · ‎11-15-2019

We've used centralized logging for a very long time on our WSAs - sending it all to the SMA.

However due to human error we let the feature keys expire on the SMA, which means no logs were processed from the WSAs.

I've now changed to local logging in our WSAs, however it only shows events that have happened since enabling local logging.

Checking through ftp gui and cli, I'm able to see that all the logs do indeed still exist.

How can I view these in a graphical way, preferably through the reporting GUI? I cannot find any "import" or such option.

Second option would be to export these logs to some type of Cisco or 3rd party tool to view them in an easy way. I've been looking at some of the logs through VSCode, but it's impossible to find what I want by just looking at the clear text in the log manually.

Essentially I want to get browsing events from a certain user during a certain timeframe.

Can this be done, or am I out of luck?

Thanks!

shgrover · ‎12-29-2019

Hello NetworkResponsible,

I am sorry but you are out of luck. The queues for reporting/web tracking are different depending on local reporting or centralized reporting that is the reason you can see the data from after you enabled local reporting. So the data that was in the queue to be moved to the SMA should ideally move to the SMA once you connect this WSA to another SMA and enable centralised reporting again . It would be great if you can open a case with TAC and we can take a look at it for you.

Regards

Shikha Grover

PS: Please don't forget to rate and select as validated answer if this answered your question