
    scio logview

    Syntax

    scio logview logfile

    Description

    The scio logview utility helps you troubleshoot issues with logging features. On the IDP Series device, use it to view the contents of log files before the logs are forwarded to NSM. If you suspect a problem with logging features, you can then compare the device-side logs with the NSM-side logs.

    Note:

    • Run the scio logview utility from the /var/idp/device/logs/ directory.
    • Logs that have been read from the NSM Log Viewer get deleted from the IDP Series device, so typically there is not a large collection of logs in /var/idp/device/logs/.
    • Data includes only a subset of log columns: src ip, src port, dst ip, dst port, category, sub-category, attack id, severity, protocol, action, src interface, and details.
    • Packet logs cannot be displayed.

    Additional Information

    The following example commands show how to navigate to the logs directory, sort by date, and use the scio logview command to display contents of a recent log.


    [root@defaulthost ~]# cd /var/idp/device/logs/


    [root@defaulthost logs]# ls -lat | less
    drwx------  2 idp idp 69632 Aug  5 11:50 .
    -rw-------  1 idp idp  2788 Aug  5 11:50 1281034151.log
    -rw-------  1 idp idp   212 Aug  5 11:50 1281034242.log
    -rw-------  1 idp idp     0 Aug  5 11:50 1281034242.wait
    -rw-------  1 idp idp   384 Aug  5 11:49 1281034128.log
    -rw-------  1 idp idp  1232 Aug  5 11:48 1281034081.log
    -rw-------  1 idp idp  1680 Aug  5 11:47 1281034035.log
    -rw-------  1 idp idp   744 Aug  5 11:47 1281033989.log
    -rw-------  1 idp idp  1868 Aug  5 11:46 1281033942.log
    -rw-------  1 idp idp   952 Aug  5 11:45 1281033916.log
    -rw-------  1 idp idp   260 Aug  5 11:44 1281033804.log
    -rw-------  1 idp idp   260 Aug  5 11:43 1281033699.log
    -rw-------  1 idp idp   260 Aug  5 11:41 1281033590.log
    -rw-------  1 idp idp   260 Aug  5 11:39 1281033484.log
    -rw-------  1 idp idp   260 Aug  5 11:37 1281033386.log
    -rw-------  1 idp idp   148 Aug  5 11:36 1281033138.log
    

    [root@defaulthost logs]# scio logview 1281034242.log
    Log :Time Generated : Thu Aug  5 11:50:41 2010
     Source IP 0.0.0.0 Source Port :0 -> Destination IP 0.0.0.0 Destination Port :0
    Category Enum : attackid :805306379 Severity Enum :SC_LOG_SEVERITY_INFO
    Protocol Enum :0 Action :SC_LOG_ACTION_NOT_SET
    srcIface :  , Details :  Percentage of Control CPU usage last 5 minutes has restored below threshold and is at 57 [Simulation Mode]
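
Added example (not part of the original documentation and not Juniper code): a Python parser for the text that scio logview prints, so that device-side records can be matched against entries taken from NSM. The field layout is inferred from the single record shown above; `record_key`, `missing_on_nsm` and the assumption that NSM entries can be reduced to the same key tuple are hypothetical.

```python
import re
from datetime import datetime

# Constructed input: the scio logview output shown on this page, copied verbatim.
SAMPLE = """\
Log :Time Generated : Thu Aug  5 11:50:41 2010
 Source IP 0.0.0.0 Source Port :0 -> Destination IP 0.0.0.0 Destination Port :0
Category Enum : attackid :805306379 Severity Enum :SC_LOG_SEVERITY_INFO
Protocol Enum :0 Action :SC_LOG_ACTION_NOT_SET
srcIface :  , Details :  Percentage of Control CPU usage last 5 minutes has restored below threshold and is at 57 [Simulation Mode]
"""

# One pattern per output line. The layout is inferred from that one record (assumption).
PATTERNS = [
    re.compile(r"Log\s*:Time Generated\s*:(?P<time>.+)"),
    re.compile(r"Source IP (?P<src_ip>\S+) Source Port\s*:(?P<src_port>\d+) -> "
               r"Destination IP (?P<dst_ip>\S+) Destination Port\s*:(?P<dst_port>\d+)"),
    re.compile(r"Category Enum\s*:(?P<category>.*?)attackid\s*:(?P<attack_id>\d+) "
               r"Severity Enum\s*:(?P<severity>\S+)"),
    re.compile(r"Protocol Enum\s*:(?P<protocol>\d+) Action\s*:(?P<action>\S+)"),
    re.compile(r"srcIface\s*:(?P<src_iface>.*?), Details\s*:(?P<details>.*)"),
]
INT_FIELDS = {"src_port", "dst_port", "attack_id", "protocol"}

def parse_logview(text):
    """Return one dict per record; a 'Log :Time Generated' line starts a new record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        for i, pat in enumerate(PATTERNS):
            m = pat.match(line)
            if m and (i == 0 or records):  # field lines before any header are ignored
                if i == 0:
                    records.append({})
                for name, value in m.groupdict().items():
                    records[-1][name] = int(value) if name in INT_FIELDS else value.strip()
                break
    for rec in records:
        # Collapse the padded day ("Aug  5") before parsing the device-local timestamp.
        rec["time"] = datetime.strptime(" ".join(rec["time"].split()), "%a %b %d %H:%M:%S %Y")
    return records

def record_key(rec):
    """Hypothetical match key for lining a device record up with an NSM entry."""
    return (rec["time"], rec["src_ip"], rec["src_port"], rec["dst_ip"], rec["dst_port"], rec["attack_id"])

def missing_on_nsm(device_records, nsm_keys):
    seen = set(nsm_keys)  # keys already present on the NSM side
    return [r for r in device_records if record_key(r) not in seen]
```

Empty columns, such as Category and srcIface in the sample record, come back as empty strings rather than being dropped, so a comparison does not silently skip them.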

    Published: 2011-02-08