Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
681 Views 9 Replies Latest reply: Sep 10, 2013 8:31 AM by PhilM RSS
kdesnayer Newcomer 52 posts since
Oct 14, 2010
Currently Being Moderated

Aug 13, 2013 8:52 AM

Rolled Audit logs not available in GUI or CLI

Anyone ever experience a situation where you can view the last 24 hours of logs in the GUI but once the audit.raw file gets rolled it can not be viewed on the firewall GUI or CLI.   The audit.raw.date.date.gz files are there and I can export them onto another firewall to read them, so the files are not corrupt.

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009
    Currently Being Moderated
    1. Aug 13, 2013 8:54 AM (in response to kdesnayer)
    Re: Rolled Audit logs not available in GUI or CLI

    That is interesting. I dont know if I've seen that. What happens when you try to run "showaudit <filename>" on the original firewall (does it display)?

     

    Is the type enforcement correct?

     

    ll audit.raw*

     

    -Matt

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009
    Currently Being Moderated
    3. Aug 13, 2013 1:49 PM (in response to kdesnayer)
    Re: Rolled Audit logs not available in GUI or CLI

    I just had a thought. The GUI seems to look for files that start with audit, do you have any files in /var/log that start with audit and are not binary audit files? Perhaps an ascii audit file that you collected or something else?

     

    -Matt

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009
    Currently Being Moderated
    5. Aug 13, 2013 2:07 PM (in response to kdesnayer)
    Re: Rolled Audit logs not available in GUI or CLI

    Hmm, looks good to me. Perhaps someone else on here has a thought.

     

    Otherwise I think it would make sense to do a remote session with Support. I'm sure they can figure it out.

     

     

    -Matt

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009
    Currently Being Moderated
    6. Aug 13, 2013 2:19 PM (in response to mtuma)
    Re: Rolled Audit logs not available in GUI or CLI

    Ahh, ok, I just found out that this is a known issue (thought it sounded familiar).

     

    There is an engineering patch available, which you can get by contacting support. The next patch (8.3.2) will contain the fix as well, but I dont have a date for it's release.

     

    -Matt

  • oserag Newcomer 1 posts since
    Aug 4, 2013
    Currently Being Moderated
    8. Sep 10, 2013 3:21 AM (in response to kdesnayer)
    Re: Rolled Audit logs not available in GUI or CLI

    Hello, i have the same issue and i need to know which patch is needed to be installed Patch 8.3.1P01, Patch 8.3.1P02 or Patch 8.3.1P03 as version 8.3.2 is not yet released.

  • PhilM Champion 528 posts since
    Jan 7, 2010
    Currently Being Moderated
    9. Sep 10, 2013 8:31 AM (in response to oserag)
    Re: Rolled Audit logs not available in GUI or CLI

    As Matt has mentioned the pre-8.3.2 fix is included in an engineering (E) patch not a normal (P) patch.

     

    You will need to raise a service request with your problem and McAfee Support will issue the patch to you directly.

     

    -Phil.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points