Normally, you can view the real-time event log using the management console or the Advanced URL on the Edge SWG (ProxySG) appliance. If the management console is unavailable or slow, you can use the CLI to view the event log instead.
Use the command "show advanced-url /Eventlog/fetch=0xFFFFFFFF" to view the event log.
Example 1:
Blue Coat SG#
Blue Coat SG#show advanced-url /Eventlog/fetch=0xFFFFFFFF
Log fetch with filter 0xffffffff at Fri Jan 21, 2011 10:11:36 UTC
2011-01-18 02:31:53+07:00ICT "Event log rotated" 0 370005:96 ../log_main.cpp:721
2011-01-18 02:32:22+07:00ICT "Access Log FTP (main): Couldn't connect control socket to primary server x.x.x.x" 3C E000A:1 ../alog_ftp_client.cpp:155
2011-01-18 02:32:22+07:00ICT "Access Log FTP (main): Couldn't connect to primary server" 3C E000A:1 ../alog_ftp_client.cpp:174
2011-01-18 02:32:22+07:00ICT "Access Log (main): Unable to connect to remote server for log uploading" 0 E0008:1 ../alog_facility_impl.cpp:2726
2011-01-18 02:33:21+07:00ICT "Access Log FTP (main): Connecting to primary x.x.x.x server 1x.x.x.x." 0 E0000:96 ../alog_ftp_client.cpp:110
2011-01-18 02:33:39+07:00ICT "Snapshot sysinfo_stats_2min has fetched /sysinfo-stats" 0 2D0006:96 ../snapshot_worker.cpp:214
2011-01-18 02:33:39+07:00ICT "Snapshot CPU_Monitor has fetched /Diagnostics/CPU_Monitor/Statistics/Advanced" 0 2D0006:96 ../snapshot_worker.cpp:214
2011-01-18 02:34:36+07:00ICT "Access Log FTP (main): Couldn't connect control socket to primary server x.x.x.x" 3C E000A:1 ../alog_ftp_client.cpp:155
2011-01-18 02:34:36+07:00ICT "Access Log FTP (main): Couldn't connect to primary server" 3C E000A:1 ../alog_ftp_client.cpp:174
2011-01-18 02:34:36+07:00ICT "Access Log (main): Unable to connect to remote server for log uploading" 0 E0008:1 ../alog_facility_impl.cpp:2726
2011-01-18 02:35:35+07:00ICT "Access Log FTP (main): Connecting to primary x.x.x.x server x.x.x.x." 0 E0000:96 ../alog_ftp_client.cpp:110
Blue Coat SG#
Example 2: To view the event log for a specific duration (this example shows how to get event logs for a 30-minute duration)
Syntax: #show event-log start "YYYY-mm-dd HH:MM:SS" end "YYYY-mm-dd HH:MM:SS"
Blue Coat SG-VA Series#show event-log start "2022-08-09 11:00:00" end "2022-08-09 11:30:00"
2022-08-09 11:00:07-00:00UTC "Snapshot sysinfo_stats has fetched /sysinfo-stats" 0 2C0006:96 snapshot_worker.cpp:237
2022-08-09 11:00:16-00:00UTC "SSH: Received disconnect from x.x.x.x: 11: (user="management-center")" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:00:16-00:00UTC "SSH: Transferred: sent 12176, received 2920 bytes" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:00:16-00:00UTC "SSH: Closing connection to x.x.x.x port 53890 (user="management-center")" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:01:35-00:00UTC "SSH: Success: session established, protocol ssh-2" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:01:35-00:00UTC "SSH: Postponed, login-authentication "publickey", user "management-center", realm "rsa_pkx", from x.x.x.x, port "44746", protocol "ssh2" " 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:01:35-00:00UTC "SSH: Accepted, login-authentication "publickey", user "management-center", realm "rsa_pkx", from x.x.x.x, port "44746", protocol "ssh2": RSA SHA256:TRsxKnUnJxMyL0WiECAEwaAlK7z66MroGZGH4UgUv1c" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:02:47-00:00UTC "SSH: Received disconnect from x.x.x.x: 11: (user="management-center")" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:02:47-00:00UTC "SSH: Transferred: sent 12144, received 2920 bytes" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:02:47-00:00UTC "SSH: Closing connection to x.x.x.x port 44746 (user="management-center")" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:22:10-00:00UTC "Master DRBG reseed successful" 0 300000:96 cf_main.cpp:119
Blue Coat SG-VA Series#
Other options available with the event-log command:
Blue Coat SG-VA Series#show event-log ?
configuration Show event log configuration
notifications Show event log notifications
syslog Show event log syslog configuration
<Enter> Show entire event log
[start "[YYYY-mm-dd] [HH:MM:SS]"] [end "[YYYY-mm-dd] [HH:MM:SS]"] [substring <string> | regex <expression>]] | tail [<count>]
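
Output captured from either command can be reviewed offline. The following is an added example, not part of the original article: it parses event-log lines in the layout shown in the examples above and separates accepted SSH logins into expected and unexpected (user, key fingerprint) pairs, while reporting lines that do not parse. The field names (arg, event_id, src, src_line), the function names and the EXPECTED set are assumptions; the article does not name the fields.

```python
import re
from datetime import datetime

# Layout inferred from the sample output above; the field names are assumptions.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d[+-]\d\d:\d\d)[A-Z]* '
    r'"(?P<msg>.*)" (?P<arg>[0-9A-F]+) (?P<event_id>[0-9A-F]+:[0-9A-F]+) '
    r'(?P<src>\S+):(?P<src_line>\d+)$')
ACCEPT_RE = re.compile(
    r'SSH: Accepted, login-authentication "(?P<method>[^"]*)", user "(?P<user>[^"]*)", '
    r'realm "(?P<realm>[^"]*)", from (?P<peer>[^,\s]+), port "(?P<port>\d+)"'
    r'(?:.*? (?P<key_type>\S+) (?P<fingerprint>SHA256:\S+))?')

def parse_line(line):
    """Return a dict for one event-log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S%z")
    return rec

def review_ssh_logins(lines, expected):
    """Return (known, unknown, unparsed); unparsed exposes truncated or garbled lines."""
    known, unknown, unparsed = [], [], []
    for line in filter(str.strip, lines):  # skip blank lines
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        m = ACCEPT_RE.match(rec["msg"])
        if m:
            login = dict(m.groupdict(), ts=rec["ts"])
            key = (login["user"], login["fingerprint"])
            (known if key in expected else unknown).append(login)
    return known, unknown, unparsed

# First two lines are taken from Example 2; the last two are constructed for this example.
SAMPLE = '''
2022-08-09 11:01:35-00:00UTC "SSH: Postponed, login-authentication "publickey", user "management-center", realm "rsa_pkx", from x.x.x.x, port "44746", protocol "ssh2" " 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:01:35-00:00UTC "SSH: Accepted, login-authentication "publickey", user "management-center", realm "rsa_pkx", from x.x.x.x, port "44746", protocol "ssh2": RSA SHA256:TRsxKnUnJxMyL0WiECAEwaAlK7z66MroGZGH4UgUv1c" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:05:12-00:00UTC "SSH: Accepted, login-authentication "publickey", user "admin", realm "rsa_pkx", from x.x.x.x, port "50122", protocol "ssh2": RSA SHA256:CONSTRUCTEDxFINGERPRINTxFORxEXAMPLExONLYxxxxx" 0 45000C:96 sgos_log.cpp:150
2022-08-09 11:06:00-00:00UTC "SSH: Transferred: sent 12176, rec
'''.splitlines()
# Assumed allow-list: the user and key fingerprint seen in Example 2.
EXPECTED = {("management-center", "SHA256:TRsxKnUnJxMyL0WiECAEwaAlK7z66MroGZGH4UgUv1c")}

if __name__ == "__main__":
    known, unknown, unparsed = review_ssh_logins(SAMPLE, EXPECTED)
    print(len(known), "expected;", len(unknown), "to review;", len(unparsed), "unparsed")
```

The message field is matched greedily because messages contain embedded double quotes, so the trailing fields anchor the end of each line.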