SysMaint: Search and Export Historical Logs

Document created by RSA Information Design and Development on Jul 29, 2016Last modified by Susan Ewald on Nov 1, 2016
Version 2Show Document
  • View in full screen mode
 

Security Analytics provides a searchable view of the Security Analytics log or the service log in a paged format. When initially loaded, the grid shows the last page of the log entries for the system or the service. You can export logs from the current view.

Display the Historical System Log

To display the historical log for the system:

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select System Logging.
    The System Logging panel is opened to the Realtime tab by default.
  3. Click the Historical tab.
    A list of historical logs for the system is displayed.

    SysLogHst.png

Display a Historical Service Log

To display the historical log for services:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a service.
  3. In the Actions column, select View > Logs.
    The service logs view is displayed with the Realtime tab open.
  4. Click the Historical tab.
    A list of historical logs for the selected service is displayed.
    AdmSvcsHst.PNG

Search Log Entries

To search the results shown in the Historical tab:

  1. (Optional) Select a Start Date and End Date. Optionally, select a Start Time and End Time.
  2. (Optional) For system and service logs, select a Log Level and a Keyword, or both. System logs have seven log levels. Service logs have only six log levels because they do not include the TRACE level. The default is ALL log entries.
  3. (Optional) For service logs, select the Service: host or service.
  4. Click Search.  
    The view is refreshed with the most recent 10 entries matching your filter. As new matching log entries become available, the view is updated to show those entries.

Show Details of a Log Entry

Each row of the Historical tab Log grid provides the summary information of a log entry. To display all the details for a log message:

  1. Double-click a log entry. 
    The Log Message dialog, which contains the Timestamp, Logger Name, Thread, Level and Message, is displayed.
    service_log_msg.PNG
  2. After viewing, click Close.
    The dialog closes.

Page Through Log Entries

To peruse the different pages of the grid, use the paging controls on the bottom of the grid as follows:

  • Use the navigation buttons
  • Manually type the page number you want to view, and press ENTER.

Export a Log File

To export the logs in the current view:

Click Export, and select one of the drop-down options, CSV Format or Tab Delimited.
export_log_options.png
The file is downloaded with a filename that identifies the log type and the field delimiter. For example, a Security Analytics system log exported with comma-separated values is named UAP_log_export_CSV.txt, and a host log exported with tab-separated values is named APPLIANCE_log_export_TAB.txt.

Attachments

    Outcomes