Wednesday, February 6, 2013

Chapter 12 -logging

Tab called logs

Event Logs
System >> Logs/Monitoring
The event log records system events.

User Access log

Admin Access log is for admin items and changes

Sensor Log will be for events reported by the IDP.

Levels of logging.
Critical - the ADMIN cannot get in, or most subsystems are down.
Major - some subsystems are lost.
Minor - individual request failures.
Info - a user request completed, or a modification was made to the device.

Each log has settings you can set as to what to log.
You can also set the size of the log.

In general you can also log externally to
syslog servers.
You can set up filters and the format you want to use:
Standard
WELF
W3C
WELC-2.0 can add queries.

You can create custom log filters and apply them to the data being sent.
A filter can set up the query you want to run on the data.

In the log, if you click an item it will filter to a dynamic presentation.

You can also enable CLIENT logs
on the host checker.


System Status Dashboard
allows you to get a quick view of:
Build
Config
logging disk
license and how many users are in.
memory and CPU.

SNMP tab.
You can download the MIB and install it.
You can set up traps.
You can enter the community.
The traps will be for what you select in the checkboxes, and you can specify to send major or critical events.
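An added example, not from these notes or from Juniper, tying the four severity levels above to external logging: it parses constructed event-log lines, keeps only Major and Critical events the way the SNMP trap setting does, and renders them as syslog lines for an external syslog server. The line layout, the sample lines and the severity-to-syslog mapping are assumptions.

```python
import re

# The four severity levels the notes list, highest first.
SEVERITY_RANK = {"Critical": 3, "Major": 2, "Minor": 1, "Info": 0}

# Assumed mapping of those levels onto RFC 5424 syslog severities
# (crit=2, err=3, warning=4, informational=6); the appliance's own mapping may differ.
SYSLOG_SEVERITY = {"Critical": 2, "Major": 3, "Minor": 4, "Info": 6}
LOCAL0 = 16  # syslog facility code for local0

# Constructed sample lines (not real appliance output). Assumed layout:
# "<date> <time> <severity> <log> <message>", where <log> is user/admin/system/sensor.
SAMPLE_LOG = """\
2013-02-06 09:01:12 Info user user1 logged in from 10.0.0.5
2013-02-06 09:02:30 Minor user request failed for /protected/app
2013-02-06 09:05:00 Major system RADIUS subsystem unreachable
2013-02-06 09:05:05 Critical system admin console unavailable
2013-02-06 09:06:00 Info admin admin1 changed syslog server setting
2013-02-06 09:07:10 Major sensor IDP reported attack signature match
garbage line that does not match
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<sev>\w+) (?P<log>\w+) (?P<msg>.+)$")

def parse(log_text):
    """Parse lines into dicts; lines that do not match or carry an unknown level are dropped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("sev") in SEVERITY_RANK:
            events.append(m.groupdict())
    return events

def filter_at_least(events, min_sev, log=None):
    """Keep events at or above min_sev (e.g. Major for SNMP traps), optionally for one log."""
    threshold = SEVERITY_RANK[min_sev]
    return [e for e in events
            if SEVERITY_RANK[e["sev"]] >= threshold and (log is None or e["log"] == log)]

def syslog_pri(sev, facility=LOCAL0):
    """RFC 5424 PRI value: facility * 8 + severity."""
    return facility * 8 + SYSLOG_SEVERITY[sev]

def to_syslog(event, host="ic-appliance"):
    """Render one event as a BSD-style syslog line for an external syslog server."""
    return "<%d>%s %s %s: [%s] %s" % (
        syslog_pri(event["sev"]), event["ts"], host, event["log"], event["sev"], event["msg"])

if __name__ == "__main__":
    for e in filter_at_least(parse(SAMPLE_LOG), "Major"):
        print(to_syslog(e))
```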

Statistics TAB
will show you a stat display by day/time.

Troubleshooting
Reachability (ping, trace)
TCP dump
Event log - we talked about that.
Firewall Enforcer logs.

On the TOOLS tab you will have the reachability items:
ping
traceroute
nslookup for servers
ARP to find out the MAC address
RRTS - round trip response times.

In the same place is TCP dump,
which captures all the TCP traffic on a port - basically sniffing.
You can output it to RAW or human readable, which is more like Wireshark.

On the Events > Log
we can see some tips on reasons.

To get Firewall Enforcer data we need to switch to the Firewall:
set services unified-access-control traceoptions file ac1_trace.log
set services unified-access-control traceoptions flag all

This will flag all events to the trace log file, which we can then open up and read.



Troubleshooting the USER interactions
You can turn on
Radius diagnostic logging
and set up the size of it.

In Maintenance > User Sessions > Policy Tracing
you can set up what events to log for the MAG policy;
you record it and then you view the LOG.

To troubleshoot IPSEC, use
the logs on the Firewall Enforcer:
show log kmd

Archiving Files
There is an option to archive your files.
You send them using SCP, which is similar to FTP.
You select what you want to archive and send it to an IP,
either an archiving server or a local backup of the file.
This is all in Maintenance.

From the WebUI you can also export the configuration / users.
You can also import.
You simply select the TARGET.

JTAC tools
Troubleshooting > System Snapshot
Remote Debugging allows the JTAC to access the system;
open a case from the support website.


View user role assignment with the policy trace.
See if you can reach items using Troubleshooting > Tools.
Exporting configuration files is in BINARY mode.


