Monitor Log Processing Status using a Command Line Interface
Monitor Log Processing Status using a Command Line Interface
Monitor the status of a single log file by using the following commands:
status log-file-history: Provides details about when the log file was queued for processing, when the log completed processing, how many cloud events are extracted from the log, when the log was uploaded to the cloud, and how long processing took. It also shows any exceptions thrown during processing."support_tenant_sshkey.key": [ "queued at 2016-09-28 07:00:47.197000", "moved for processing at 2016-09-28 07:00:47.724000", "splitting started at 2016-09-28 07:00:49.062000", "splitting finished at 2016-09-28 07:00:49.303000", "completed parsing at 2016-09-28 07:00:59.622000", "completed uploading to cloud at 2016-09-28 07:01:06.831000", "extracted 0 events from 27 lines", "no of sessions is 0", "time taken = 0:00:19.634000" ],status log-file-history summary <no of days>: Provides a one-line summary of all the log files processed on the OPLP. You can specify the number of days as an input. For example, if you want to see the status of logs processed in the last 3 days, use the command:status log-file-history summary 3
which returns the log file name, when it was found, and its status:
status log-file-history summary 1 { "ip2user_mapping.csv found at 20150330 22:06:12.415000 and its moved for processing", "user2canonical_mapping.csv found at 20150330 22:06:12.457000 and its moved for processing", "asa_Mon_14.log found at 20150330 21:40:18.976000 and and its parsing is complete", "asa_Mon_15.log found at 20150324 23:00:25.628000 and and its parsing is complete", }status log-file-history filename <name of the log file>: Provides details about when the log file was queued for processing, when the log completed processing, how many cloud events are extracted from the log, when the log was uploaded to the cloud, and how long processing took. It also shows any exceptions thrown during processing.status log-file-history filename asa_Tue_14.log { "asa_Tue_14.log": "queued at 20150324 21:40:18.977000", "moved for processing at 20150324 21:40:19.032000", "completed parsing at 20150324 21:40:58.683000", "extracted 1 events from 1 lines", "time taken = 0:00:39.706000", }
To clear specific alerts, use the following command:
troubleshooting monitoring clear-unfinished-files
This command removes the following alerts:
- Log_Process-5a
- Log_Process-5b
- Log_Process-5c
- Files_not_picked_up_24_hrs
- Files_not_picked_up_48_hrs
- Files_not_uploaded_24_hrs
- Files_not_uploaded_48_hrs.
The appliance and the Netskope tenant UI generate metrics alerts with the various system metrics. If you do not want to view metrics alerts, you can disable them. Use the following command in configuration mode:
appliance> configure Entering configuration mode appliance(config)# set metrics enable false
