View the firewall log

  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hi everyone,Im a newbie with aerohive product, how actually to view the log for firewall rule after we enabled it. Thanks in advance.
Photo of Mohd Hafiz

Mohd Hafiz

  • 13 Posts
  • 1 Reply Like

Posted 5 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
This is not possible today in a friendly way.

You may wish to vote on the following idea:

http://community.aerohive.com/aerohive/topics/realtime_firewall_logging

Show log may meet your needs, however.
Photo of Mohd Hafiz

Mohd Hafiz

  • 13 Posts
  • 1 Reply Like
Thanks for the reply Nick,

Im noticed that we can enable logging at the Firewall configuration on dropped packet, but i dont see the log except from "show log". Is there any other way?
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
The "Show Log" option is OK for small deployments but for large deployments I always download the logs from the specific access point:

1. Go to the “All Devices” screen (Monitor -> All Devices).

2. Place a tick in the checkbox to the left of the access point you need the layer seven firewall logs from.

3. Click on the “Utilities...” button and select “Get Tech Data” from the drop down menu.

4. You can now download the technical data in a file called device_support_logs.tar.gz.

5. When you extract the device_support_logs.tar.gz file you will get two new .tar.gz files:

* device_crash_logs.tar.gz
* device-tech-logs.tar.gz

6. Extract the device-tech-logs.tar.gz file.

7. You will now have a new file called [AP Ethernet MAC Address].tar.gz. Extract this file.

8. Inside the “core_dumpxx” folder will be the required show_tech_result.txt file.

9. View the show_tech_result.txt file using WordPad.

The firewall logs are at the start of the file.
Photo of Mike Bailey

Mike Bailey

  • 1 Post
  • 0 Reply Likes
I follow the above directions, and untar a file called device_diagnosis_log.tar.gz. When I try to gunzip it it squawks that the file is not gzip format. The output of a file command states it is  "openssl enc'd data with salted password" ?

Which password is used to decrypt the file(s) ....  
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I have tested the process again with HiveManager Online.  Are you using HiveManager NG?

If you are fault finding try the following:

  • SSH into the access point
  • Execute a clear log buffered command.  This clears the logs buffered in the access point.
  • Complete whatever process you are trying to fault find
  • Execute a show log buffered | include xxxxx command where xxxxx is the client's IP address or MAC address.