fw mergefiles

Description

Merges several input log files into a single log file.

The command supports merging of the Security log files (*.log) and Audit log files (*.adtlog).

Notes:

Do not merge the active Security file $FWDIR/log/fw.log with other Security switched log files. Switch the active Security file $FWDIR/log/fw.log and only then merge it with other Security switched log files. See fw logswitch.
Do not merge the active Audit file $FWDIR/log/fw.adtlog with other Audit switched log files. Switch the active Audit file $FWDIR/log/fw.adtlog and only then merge it with other Audit switched log files. See fw logswitch.
This command unifies logs entries with the same Unique-ID. If a log switch was performed before all the segments of a specific log were received, this command merges the log entries with the same Unique-ID from two different files, into one fully detailed record.

Syntax

fw [-d] mergefiles [-s] [-r] [-t <Time Conversion File>] <Name of Log File 1> <Name of Log File 2> ... <Name of Log File N> <Name of Merged Log File>

The order of the parameters in the syntax is important. The name of the merged log file is always the last parameter.

Parameters

Parameter	Description
`-d`	Runs the command in debug mode. Use only if you troubleshoot the command itself.
`-s`	Sorts the log entries in the merged log file by the time field.
`-r`	Removes duplicate entries from the merged log file.
`-t <`Time Conversion File`>`	Specifies the file with time conversion information. This is required if you merge log files from Log Servers configured with different time zones. This information is used to adjust the time of log records from different time zones. The file format is as follows: `<IP Address of Log Server 1> <Signed Date Time in Seconds>` `<IP Address of Log Server 2> <Signed Date Time in Seconds>` `... ...` Notes: You must specify the absolute path and the file name. The name of the time conversion file cannot exceed 230 characters.
`<`Name of Log File N>	Specifies the log files to merge. Notes: You must specify the absolute path and the name of the input log files. The name of the input log file cannot exceed 230 characters.
`<`Name of Merged Log File`>`	Specifies the output merged log file. Notes: The name of the merged log file cannot exceed 230 characters. If a file with the specified name already exists, the command stops and asks you to remove the existing file, or to specify another name. The size of the merged log file cannot exceed 2 GB. In such scenario, the command creates several merged log files, each not exceeding the size limit.

Example 1 - Merging Security log files

[Expert@MGMT]# fw mergefiles -s -r $FWDIR/log/2018-06-06_000000.log $FWDIR/log/2018-06-05_000000.log /var/log/Merged_FireWall_Log.log

[Expert@MGMT]#

Example 2 - Merging Audit log files

[Expert@MGMT]# fw mergefiles -s -r $FWDIR/log/2018-06-06_000000.adtlog $FWDIR/log/2018-06-05_000000.adtlog /var/log/Merged_Audit_Log.adtlog

[Expert@MGMT]#