Archive Log Files


    Firewall Analyzer archives the logs received from each device and zips them at regular intervals. The Archived Files page lists the files that have been archived for each device, along with options to load a file for searching and to delete it.

    Archived Files

    The Archived Files page lists the files that have been zipped for each device, along with the archived time, file size, and archiving status.

    The list contains the following columns:

    Attribute       Description
    Device          The name of the device for which the log file is archived.
    File Name       
    Start Time      The time at which archiving of the log file started.
    Archived Time   The time at which archiving of the log file completed.
    File Size       The size of the archived log file.
    Status          The archiving status of the log file. The status values are: Loaded, Loading, Not Loaded, Integrity Verified and File Tampered. When an archived file is loaded, its integrity is checked first: if the file has been tampered with, it is not loaded and is marked File Tampered; otherwise it is marked Integrity Verified.
    Action          Click the Delete icon against an archived file to delete it.

    Warning:

    Once deleted, the archived data cannot be retrieved.
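    The integrity check behind the Integrity Verified and File Tampered statuses, shown as an added example (this is not Firewall Analyzer's own code, and the mechanism the product actually uses is not documented on this page): each zipped archive is tagged with an HMAC-SHA256 computed under a key kept outside the archive directory, and the loader refuses to unpack an archive whose tag no longer matches. A plain hash stored next to the zip would not do, because whoever can rewrite the zip can rewrite the hash. The key, the member name and the log lines are constructed for the example.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed sample raw log lines standing in for one device's log file.
SAMPLE_LOGS = (
    b"May  1 10:00:01 fw01 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=93.184.216.34 PROTO=TCP DPT=443\n"
    b"May  1 10:00:03 fw01 kernel: DROP IN=eth0 SRC=10.0.0.9 DST=10.0.0.1 PROTO=TCP DPT=22\n"
    b"May  1 10:00:07 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.1 PROTO=TCP DPT=3389\n"
)

# Hypothetical integrity key for this example only. In a real deployment it is a
# per-installation secret stored outside the archive directory with tighter
# permissions than the archives themselves.
INTEGRITY_KEY = b"example-key-do-not-use"

MEMBER_NAME = "fw01-raw.log"  # assumed name of the log file inside the zip


def build_archive(log_bytes, member_name=MEMBER_NAME):
    """Zip the raw log and return (zip_bytes, tag); tag is HMAC-SHA256 over the whole zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, log_bytes)
    zip_bytes = buf.getvalue()
    tag = hmac.new(INTEGRITY_KEY, zip_bytes, hashlib.sha256).hexdigest()
    return zip_bytes, tag


def verify_archive(zip_bytes, expected_tag):
    """Return the status string the Archived Files page would show for this file."""
    actual = hmac.new(INTEGRITY_KEY, zip_bytes, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(actual, expected_tag):
        return "File Tampered"
    # Also run the zip's own CRC checks so plain corruption is reported here
    # rather than surfacing as an exception during loading.
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if zf.testzip() is not None:
            return "File Tampered"
    return "Integrity Verified"


def load_if_intact(zip_bytes, expected_tag):
    """Mimic the loader: unpack the log only when the integrity check passes."""
    status = verify_archive(zip_bytes, expected_tag)
    if status != "Integrity Verified":
        return status, None
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return status, zf.read(zf.namelist()[0])


def tamper(zip_bytes, member_name=MEMBER_NAME):
    """Rebuild the archive with the last event removed (a valid zip, just missing evidence)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        lines = zf.read(member_name).splitlines(keepends=True)
    edited = b"".join(lines[:-1])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, edited)
    return buf.getvalue()


if __name__ == "__main__":
    zip_bytes, tag = build_archive(SAMPLE_LOGS)
    print("original:", verify_archive(zip_bytes, tag))
    print("edited:  ", verify_archive(tamper(zip_bytes), tag))
```

    Because the tampered file is still a well-formed zip, only the keyed tag reveals that an event was removed; the zip's CRC check alone would pass it as intact.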

     

    Archive Settings

     Click the Archive Settings link to change the archiving intervals or to disable archiving. In the Archive Settings popup window, uncheck the Raw Logs Archiving check box to disable file archiving.

    Log files are archived at the interval configured in this screen.

    The archiving options available are described below:

    Attribute                           Default Value                                      Description
    File Creation Interval              12 hours                                           The time interval after which a new log file is created for each host from which logs are collected.
    Zip Compression Interval            24 hours                                           The time interval after which the log files created for each host are zipped to save disk space.
    Start Initial Compression at        _ Hrs _ Mins                                       The time at which the log files created for each host are zipped for the first time.
    Retain logs for                     Forever                                            How long archived log data is kept, as required by your compliance audit or internal audit policy. The options are: Forever, 1 Year, 6 Months, 3 Months, 1 Month and 1 Week. Select the option that suits your requirement.
    Archive File Encryption             Disable                                            Firewall Analyzer can encrypt the archived data. Select the Enable radio button to encrypt archives, or Disable to store them unencrypted.
    Time Stamping                       Disable                                            Firewall Analyzer can timestamp the archived data. Select the Enable radio button to timestamp archives, or Disable to turn it off.
    Change Raw Logs Archive Location    <Firewall Analyzer Home>/server/default/archive    The directory in which archived event logs and syslogs are stored. Click the Edit link to change it to a location of your choice.
    Change Raw Logs Indexing Location   <Firewall Analyzer Home>/server/default/indexes    The directory in which the indexes for event logs and syslogs are stored. Click the Edit link to change it to a location of your choice.

    You can create an instant zip file of the existing log files waiting to be archived. Click Zip Now to create a zipped file from the currently available log files.

    Click Save to save the archiving options if you have changed them. Click Close to close the Archive Settings box.

    Note:

    The currently active log files (i.e., logs not yet archived) are stored in the <Firewall Analyzer Home>/server/default/archive/localhost/hot directory. The archived log files (i.e., logs archived according to the archive settings) are stored in the <Firewall Analyzer Home>/server/default/archive/localhost/cold directory. Archived log files that have been loaded into the database for analysis are stored in the <Firewall Analyzer Home>/server/default/archive/localhost/warm directory for 1 day, after which they are purged.

    How to move Firewall Analyzer's archive (raw logs) to a new folder/server

    • Go to the Archive Settings page.
    • Enable the Change Raw Logs Archive Location check box.
    • Change the Log Archive Location to the new location and save.
    • Move all the directories from the previous location (i.e., the \ManageEngine\OpManager\server\default\archive folder) to the new location.

    Moving the files alone is not enough to populate the 'Raw logs' section. To get data in the 'Raw logs' section, you also need to update the values of the following columns in the database so that they point to the new location:

    1. pathvalue column of pathinfo table
    2. filename column of faarchivedfiles table

    If you do a raw search you will see two sections: Formatted logs and Raw logs. Formatted logs are retrieved from the indexes folder, and Raw logs from the archive folder.
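    The path rewrite and the follow-up check, as an added example that is not part of Firewall Analyzer or its documentation: an in-memory SQLite database stands in for the product's database (the real one is not SQLite; only the table and column names pathinfo.pathvalue and faarchivedfiles.filename come from the page, and the primary-key columns pathid and fileid are assumed), the archive tree is moved with shutil.move as in the last step above, both columns are rewritten to the new root, and every row of faarchivedfiles is then checked against the disk so that archives left behind by an incomplete copy are found before a raw search silently comes up empty. All paths and file names are constructed.

```python
import os
import shutil
import sqlite3
import tempfile

# (table, primary key, path column). Column names pathvalue and filename are from the
# page; the primary keys pathid and fileid are assumptions for this example.
TABLES = (("pathinfo", "pathid", "pathvalue"), ("faarchivedfiles", "fileid", "filename"))

ARCHIVES = ("fw01_2024-05-01.zip", "fw02_2024-05-01.zip")  # constructed archive names


def build_sample_db(old_root):
    """Constructed stand-in database holding the two tables the page names."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pathinfo (pathid INTEGER PRIMARY KEY, pathvalue TEXT NOT NULL);
        CREATE TABLE faarchivedfiles (fileid INTEGER PRIMARY KEY, filename TEXT NOT NULL);
    """)
    cold = os.path.join(old_root, "localhost", "cold")
    db.executemany("INSERT INTO pathinfo (pathvalue) VALUES (?)",
                   [(cold,), (os.path.join(old_root, "localhost", "hot"),), ("/var/log/unrelated",)])
    db.executemany("INSERT INTO faarchivedfiles (filename) VALUES (?)",
                   [(os.path.join(cold, name),) for name in ARCHIVES])
    db.commit()
    return db


def relocate(path, old_root, new_root):
    """Swap the old root for the new one only if `path` is the root or lies beneath it.
    A bare startswith() would also rewrite '/opt/archive2' when old_root is '/opt/archive'."""
    if path == old_root:
        return new_root
    for sep in ("/", "\\"):
        if path.startswith(old_root + sep):
            return new_root + path[len(old_root):]
    return None  # not under the old root: leave the row alone


def rewrite_locations(db, old_root, new_root):
    """Update both path columns; returns {table: rows changed}. Table and column names come
    from the fixed TABLES tuple, never from user input, so the f-strings are safe here."""
    changed = {}
    for table, key, col in TABLES:
        count = 0
        for rowid, value in db.execute(f"SELECT {key}, {col} FROM {table}").fetchall():
            new_value = relocate(value, old_root, new_root)
            if new_value is not None:
                db.execute(f"UPDATE {table} SET {col} = ? WHERE {key} = ?", (new_value, rowid))
                count += 1
        changed[table] = count
    db.commit()
    return changed


def missing_archives(db):
    """Rows of faarchivedfiles whose file is absent on disk: listed as archived, but unloadable."""
    return [f for (f,) in db.execute("SELECT filename FROM faarchivedfiles ORDER BY fileid")
            if not os.path.isfile(f)]


def migrate_demo(move_everything=True):
    """End-to-end run in temporary directories: move the tree, rewrite the DB, report gaps."""
    base = tempfile.mkdtemp()
    old_root = os.path.join(base, "old_archive")
    new_root = os.path.join(base, "new_archive")
    cold = os.path.join(old_root, "localhost", "cold")
    os.makedirs(cold)
    for name in ARCHIVES:
        with open(os.path.join(cold, name), "wb") as fh:
            fh.write(b"PK\x05\x06" + b"\x00" * 18)  # empty zip; enough for an existence check
    db = build_sample_db(old_root)
    if not move_everything:  # simulate an incomplete copy: one archive never made it across
        os.remove(os.path.join(cold, ARCHIVES[1]))
    shutil.move(old_root, new_root)
    changed = rewrite_locations(db, old_root, new_root)
    missing = [os.path.basename(f) for f in missing_archives(db)]
    shutil.rmtree(base)
    return changed, missing


if __name__ == "__main__":
    print(migrate_demo())
    print(migrate_demo(move_everything=False))
```

    Against the production database, run the same rewrite through the product's own database driver after taking a backup and stopping the service, and treat a non-empty missing list as a reason to re-copy rather than to delete the rows: the Archived Files page still shows those files, but a raw search for that period will return nothing.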