When you have an active-passive Sophos UTM cluster, the configuration is synchronized between the nodes, including log files. This normally means that the log files on the Master and the Slave are the same, and retrieving the file from either of these is sufficient. If the Master fails, it may not sync all the log data to the Slave node. The Slave will become active and continue to be the Master. In this case, it may be necessary to retrieve log files from a UTM cluster Slave node.

From the WebUI, there is no method to view the files on the Slave device. Interestingly, this is important because those log files can contain information about the cause of the failure. I have also observed situations where the log replication between nodes fails, and the only way to get to the log data is to retrieve it from each node individually. This guide will show how to connect to the Slave node, copy the file to the Active/Master node and then to your local machine.

Connect to the Sophos UTM cluster Slave node

By default, you can only connect to the Master (or Active) node. We will make use of an internal utility to access the Slave.

1. Navigate to Management | System Settings | Shell Access and enable shell access on the Sophos UTM.
2. Using PuTTY, SSH to the Sophos UTM cluster and log in with the loginuser account.
3. Elevate yourself to root with su -, specifying a password.
4. Connect through to the Slave node using ha_utils ssh.
5. Specify the password associated with loginuser.
6. Change to the log folder with cd /var/log and check the file content and size with ls -s.

Here you will see the list of log files that are on the Slave node. You can use Linux tools such as cat, tail, less etc. to interrogate the files, but you will probably want to copy the file off the box for further analysis, especially if you are dealing with a large file.

The IP address you are going to copy the file to will be 198.19.250.1 or 198.19.250.2 as these are internal addresses of the cluster nodes. To determine the IPs, use the following command and look at the "inet" value.

You can copy the file to the Master with the following command.

Once the file has been copied to the new location, you can access it directly. The Master node now has a copy of the log file we need. Since we can connect to the Active node directly, we can use WinSCP to retrieve the file and copy it to our local Windows machine.

Start WinSCP and connect to the Sophos UTM.
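The copy step described above, sketched as an added example that is not part of the original guide: it picks this node's cluster-internal address out of an address listing, derives the peer's address, and prints the scp command for review. Using `ip -4 addr show` as the source of the "inet" value, the file name example.log and the destination /home/login/ are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not the guide's own commands): work out which cluster-internal
# address belongs to the peer node and build the scp command to send a log there.

# Constructed sample of `ip -4 addr show` output on the Slave; the interface
# names, masks and the 192.0.2.10 address are made up for illustration.
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 198.19.250.2/29 brd 198.19.250.7 scope global eth3'

# Read an address listing on stdin and print this node's "inet" value if it is
# one of the two cluster-internal addresses named in the guide.
local_ha_ip() {
    awk '$1 == "inet" { split($2, a, "/")
         if (a[1] ~ /^198\.19\.250\.[12]$/) { print a[1]; exit } }'
}

# The peer is whichever of the two addresses this node does not hold.
peer_ha_ip() {
    case "$1" in
        198.19.250.1) echo 198.19.250.2 ;;
        198.19.250.2) echo 198.19.250.1 ;;
        *) echo "not a cluster-internal address: $1" >&2; return 1 ;;
    esac
}

# Usage: ip -4 addr show | build_copy_cmd /var/log/FILE DEST_DIR
# Prints the scp command instead of running it so it can be reviewed first.
build_copy_cmd() {
    log=$1 dest=$2
    case "$log" in
        *..*|*[!A-Za-z0-9._/-]*) echo "refusing path: $log" >&2; return 1 ;;
        /var/log/*) ;;
        *) echo "not under /var/log: $log" >&2; return 1 ;;
    esac
    me=$(local_ha_ip)
    [ -n "$me" ] || { echo "no 198.19.250.x inet value found" >&2; return 1; }
    peer=$(peer_ha_ip "$me") || return 1
    printf 'scp -p %s loginuser@%s:%s\n' "$log" "$peer" "$dest"
}

# Demo on the constructed sample; example.log and /home/login/ are assumptions.
printf '%s\n' "$SAMPLE_IP_ADDR" | build_copy_cmd /var/log/example.log /home/login/
```

On a real node, pipe the live address listing into build_copy_cmd in place of the sample.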