Access Log upload from ProxySG to FTP is failing.
How to investigate this issue?
Access Logs are uploaded to the remote server over the network. The communication parameters and type is determined by the Upload Client configuration on ProxySG.
A network packet capture (PCAP) and Eventlog will prove helpful in investigating and isolating the issue -
1. Check the log upload configuration for the failing access log file :
2. Make sure there is no ongoing upload at the moment. Click on Cancel Upload to confirm ongoing uploads are cancelled.
3. Apply filter for packet capture based on the configuration parameters e.g. ip host <remote_FTP_IP> or port <remote_FTP_customport>
If the configuration is using a custom client and custom port to upload logs, ensure that these are used in filters so that correct traffic is captured.
4. Start the packet capture.
5. Click on Test Upload at Configuration -> Access Logging -> Logs -> Upload Client -> Test Upload. Note: Test Upload will work only when there is no ongoing upload for the same log.
6. Check the event log tail to verify the test completion and error for log upload failure.
7. Stop the packet capture and download the PCAP file.
8. Download the Eventlog.log file from the ProxySG appliance.
Once these files are downloaded, share them with the support representative so that further investigation can be done