fw mergefiles

Description

Merges several Security log files ($FWDIR/log/*.log) into a single log file.

Merges several Audit log files ($FWDIR/log/*.adtlog) into a single log file.

Important:

  • Do not merge the active Security file $FWDIR/log/fw.log with other Security switched log files.

    Switch the active Security file $FWDIR/log/fw.log (with the fw logswitch command) and only then merge it with other Security switched log files.

  • Do not merge the active Audit file $FWDIR/log/fw.adtlog with other Audit switched log files.

    Switch the active Audit file $FWDIR/log/fw.adtlog (with the fw logswitch command) and only then merge it with other Audit switched log files.

  • This command unifies log entries with the same Unique-ID (UID). If you rotate the current active log file before all the segments of a specific log arrive, this command merges the records with the same Unique ID from two different files into one fully detailed record.

  • If the size of the final merged log file exceeds 2GB, this command creates a list of merged files, where the size of each merged file is not more than 2GB.

    The user receives this warning:

    Warning: The size of the files you have chosen to merge is greater than 2GB. The merge will produce two or more files.

    The names of merged files are:

    • <Name of Merged Log File>.log

    • <Name of Merged Log File>_1.log

    • <Name of Merged Log File>_2.log

    • ... ...

    • <Name of Merged Log File>_N.log

Syntax

fw [-d] mergefiles {-h | -help}

fw [-d] mergefiles [-r] [-s] [-t <Time Conversion File>] <Name of Log File 1> <Name of Log File 2> ... <Name of Log File N> <Name of Merged Log File>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

{-h | -help}

Shows the built-in usage.

-r

Removes duplicate entries.

-s

Sorts the merged file by the Time field in log records.

-t <Time Conversion File>

Specifies a full path and name of a file that instructs this command how to adjust the times during the merge.

This is required if you merge log files from Log Servers configured with different time zones.

The file format is:

<IP Address of Log Server #1> <Signed Date Time #1 in Seconds>
<IP Address of Log Server #2> <Signed Date Time #2 in Seconds>
... ...

Notes:

  • You must specify the absolute path and the file name.

  • The name of the time conversion file cannot exceed 230 characters.

<Name of Log File 1> ... <Name of Log File N>

Specifies the log files to merge.

Notes:

  • You must specify the absolute path and the name of the input log files.

  • The name of the input log file cannot exceed 230 characters.

<Name of Merged Log File>

Specifies the output merged log file.

Notes:

  • The name of the merged log file cannot exceed 230 characters.

  • If a file with the specified name already exists, the command stops and asks you to remove the existing file, or to specify another name.

  • The size of the merged log file cannot exceed 2 GB. In such a scenario, the command creates several merged log files, each not exceeding the size limit.

Example - Merging Security log files

[Expert@HostName:0]# ls -l $FWDIR/*.log
-rw-rw-r-- 1 admin root 189497 Sep  7 00:00 2019-09-07_000000.log
-rw-rw-r-- 1 admin root  14490 Sep  9 09:52 2019-09-09_000000.log
-rw-rw-r-- 1 admin root  30796 Sep 10 10:56 2019-09-10_000000.log
-rw-rw-r-- 1 admin root  24503 Sep 10 13:08 fw.log
[Expert@HostName:0]#
[Expert@HostName:0]# fw mergefiles -s $FWDIR/2019-09-07_000000.log $FWDIR/2019-09-09_000000.log $FWDIR/2019-09-10_000000.log /var/log/2019-Sep-Merged.log
[Expert@HostName:0]#
[Expert@HostName:0]# ls -l /var/log/2019-Sep-Merged.log*
-rw-rw---- 1 admin root 213688 Sep 10 13:18 /var/log/2019-Sep-Merged.log
-rw-rw---- 1 admin root   8192 Sep 10 13:18 /var/log/2019-Sep-Merged.logLuuidDB
-rw-rw---- 1 admin root     80 Sep 10 13:18 /var/log/2019-Sep-Merged.logaccount_ptr
-rw-rw---- 1 admin root   2264 Sep 10 13:18 /var/log/2019-Sep-Merged.loginitial_ptr
-rw-rw---- 1 admin root   4448 Sep 10 13:18 /var/log/2019-Sep-Merged.logptr
[Expert@HostName:0]#
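
A pre-flight check for the argument rules listed under Important and Parameters, as an added example that is not part of the original documentation or Check Point's own code. The function names are hypothetical, the time conversion file is assumed to use IPv4 addresses, and the 230-character limit is assumed to apply to the whole path argument.

```shell
#!/bin/sh
# Added example (not Check Point code): pre-flight checks for fw mergefiles
# arguments. Function names are hypothetical; fw itself is never run here.

# check_path <label> <path>: must be absolute and at most 230 characters.
# Assumption: the 230-character limit is applied to the whole argument.
check_path() {
    case "$2" in
        /*) ;;
        *) echo "$1: not an absolute path: $2" >&2; return 1 ;;
    esac
    [ "${#2}" -le 230 ] || { echo "$1: longer than 230 characters" >&2; return 1; }
}

# check_time_file <file>: each non-empty line is "<IP> <signed seconds>",
# e.g. "192.0.2.10 -7200" (constructed value). Assumption: IPv4 only.
check_time_file() {
    check_path "time conversion file" "$1" || return 1
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    awk 'NF == 0 { next }
         NF != 2 || $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $2 !~ /^[+-]?[0-9]+$/ {
             print "bad line " NR ": " $0; bad = 1 }
         END { exit bad + 0 }' "$1" >&2
}

# preflight [-t <time file>] <input 1> <input 2> ... <merged output>
preflight() {
    if [ "$1" = "-t" ]; then
        check_time_file "$2" || return 1
        shift 2
    fi
    # The syntax lists at least two inputs followed by the output name.
    [ "$#" -ge 3 ] || { echo "need two or more inputs and an output" >&2; return 1; }
    n=$#; i=0
    for f in "$@"; do
        i=$((i + 1))
        if [ "$i" -lt "$n" ]; then
            check_path "input" "$f" || return 1
            case "${f##*/}" in   # active files must be switched first
                fw.log|fw.adtlog) echo "run fw logswitch first: $f" >&2; return 1 ;;
            esac
            [ -f "$f" ] || { echo "missing input: $f" >&2; return 1; }
        else
            check_path "output" "$f" || return 1
            [ ! -e "$f" ] || { echo "output already exists: $f" >&2; return 1; }
        fi
    done
}
```

Call preflight with the same file arguments you intend to pass to fw mergefiles, and run the merge only if it returns 0.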