| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| We have recently upgraded from NG AI R55 to NGX R61. We would like to consolidate the old logs and at the moment this is a very tedious, one log file at a time, manual process of the following: Create new custom session; From a specific log file outside the sequence; Select the file; Then remove the session and rinse-repeat. There doesn't seem to be an easy way to select either a batch of files or a specific time in the past. I have even looked at the command line but this doesn't look like it would help either. Any suggestions most welcome. Thank you. |
| |||
| Script it using the CLI (remember to stop and remove the default consolidation session): `log_consolidator -R -e Yes -s <Log_Server_IP> -x Yes -o No -t Specified_Log -l <File_Name.log> -a Begin_of_Log -b <TABLE_NAME>` e.g. `log_consolidator -R -e Yes -s 192.10.11.12 -x Yes -o No -t Specified_Log -l 2005-12-23_111234_1.log -a Begin_of_Log -b MY_CONNECTIONS_TBL` |
| |||
| Thanks for that Chillyjim. I looked at the command template for it and don't remember seeing half those switches. I'll take another look on Monday when I'm back at work. The other option I had considered was 'fw mergefiles': script that, then use the GUI to bring in the single log file. Thanks again. |
| |||
| That worked a treat. Thanks a lot. One last question: is this command fully documented anywhere on Check Point's site? The reason I ask is, as I mentioned before, if you do `log_consolidator /?` you get the following: `USAGE: log_consolidator -R -s LogServerIP [-g PV1Customer] -R Run the Log Consolidator Engine process for a specific consolidation session. -s The IP address of the Log Server to read logs from. -g Optional: The name of the Provider-1 customer for which this session is running. USAGE: log_consolidator -V -V Show the Log Consolidator Engine version & build number. USAGE: log_consolidator -C -m [ start | stop | terminate | exit] -s LogServerIP [-g PV1Customer] [-r Port] -C Send a command to the to the log consolidator session as specified by LogServerIP and PV1Customer. -m Command. The command can be one of the following: start - Start a stopped Log Consolidator Engine session with the last configuration. stop - Stop (shutdown) a started Log Consolidator Engine session and write all pending information to the database. terminate - Force the Log Consolidator Engine to terminate the consolidation immediately and discard pending information. exit - Exit the main Log Consolidator Engine process (discards pending information). -s The IP address of the Log Server to read logs from. -g Optional: The name of the Provider-1 customer for which this session is running. USAGE: log_consolidator -L -s LogServerIP [-g PV1Customer] [-r log_consolidator Port] Get log file information from the log server and write the results to $RTDIR/conf/<session>/logs_info.conf. USAGE: log_consolidator -M -s LogServerIP [-g PV1Customer] [-r log_consolidator Port] Get a consolidation session's status information. USAGE: log_consolidator -X -s LogServerIP [-g PV1Customer] Check if a consolidation session's process is currently running.` This doesn't show many of the switches that you detailed. |
| |||
| Not a clue. I got the commands from an SE. |
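A dry-run batch generator for the per-file `log_consolidator` command quoted in the thread, as an added example that is not part of any post. It assumes a POSIX shell on the host and that the old logs are named like `2005-12-23_111234_1.log`; the function name `build_consolidation_cmds` is hypothetical, and the switches are copied from the reply as given (the thread notes they do not appear in the tool's usage output).

```shell
#!/bin/sh
# Added example (not from the thread): emit one log_consolidator command per
# old log file, using only the switches quoted in the reply above.

# build_consolidation_cmds DIR LOG_SERVER_IP TABLE_NAME
# Prints the commands to stdout for review; it does not run log_consolidator.
build_consolidation_cmds() (
    dir=$1 server=$2 table=$3
    LC_ALL=C; export LC_ALL   # byte-order glob sort, ASCII-only character ranges

    # Reject values that could carry shell syntax into the emitted commands.
    case $server in ''|*[!0-9.]*) echo "bad log server IP" >&2; exit 2 ;; esac
    case $table in ''|*[!A-Za-z0-9_]*) echo "bad table name" >&2; exit 2 ;; esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; exit 2; }

    # The glob expands in sorted order, which is oldest-first for names that
    # start with a YYYY-MM-DD_HHMMSS timestamp.
    for path in "$dir"/*.log; do
        name=${path##*/}
        case $name in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9]_*.log)
            # Assumption: old logs are named like 2005-12-23_111234_1.log.
            seq=${name#*_*_}; seq=${seq%.log}
            case $seq in ''|*[!0-9]*) echo "skipping $name" >&2; continue ;; esac
            printf 'log_consolidator -R -e Yes -s %s -x Yes -o No -t Specified_Log -l %s -a Begin_of_Log -b %s\n' \
                "$server" "$name" "$table"
            ;;
        *)  echo "skipping $name" >&2 ;;   # fw.log, stray or oddly named files
        esac
    done
)

# When invoked with three arguments, print the command list for review.
if [ "$#" -eq 3 ]; then
    build_consolidation_cmds "$@"
fi
```

Review the printed list before running it, and stop and remove the default consolidation session first, as the reply says.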