Edge SWG (Formerly ProxySG) Access log failed to upload to a remote server
search cancel

Edge SWG (Formerly ProxySG) Access log failed to upload to a remote server

book

Article ID: 165323

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS ISG Proxy

Issue/Introduction

Access-log upload to FTP or any other server stops functioning

Resolution

If there is a communication error between Edge SWG and FTP (File Transfer Protocol) server, the access log gets accumulated on disk until it reaches 20GB. The default behavior of Edge SWG is to stop logging if the sum of all log sizes reaches 20GB. To resume the access-log upload, check the following:

  1. Verify the Edge SWG Upload client configuration
    •  Goto Configuration -> Access Logging -> Logs -> Upload Client and ensure FTP service and accounts are correctly configured. Use the "Test Upload" button to verify the connectivity between SG and remote server.
  2. Check the maximum size of each remote file setting
    • If under Statistics > Access Logging > Upload Status, the upload client shows as disabled, it could be because the logs have rotated to a size larger than what is permitted to upload. The settings for maximum file size are found under Configuration > Access Logging > Logs > General Settings.
    • Look under /Accesslog/directory for the log in question. By clicking on the log in question, you can see all the rotated files, and the size, listed in bytes. Find the largest file, and make sure the setting under maximum file size is larger than than.
  3. Check the access log size on Edge SWG
    •  Goto Statistics -> Access Logging -> Log Size. If the logging has stopped due to disk full, you will see the highlighted message.

To reinitialize access logging after it has exceeded its disk capacity:

  1. Go to https://appliance_ip_address:8082/Accesslog/directory/ and download the logs to back up the data.
  2. Go to the CLI (Command line interface) and delete the log files.
    • For example, to delete the log files listed under "Main" use the following CLI commands:
      • #(config)access-log
      • #(config access-log)edit log main
      • #(config log main)commands delete-logs
  3. Go to Configuration > Access Logging > General and uncheck Enable Access Logging and click Apply.
  4. Click on Enable Access Logging and click Apply.
  5. Go to Configuration > Access Logging > Logs > Upload Client and click Test Upload.
  6. Go to the event log and verify that the access log uploaded successfully.

Additional Information

May see "Access log upload already is in progress for log main" when try to force upload.  

May not see the above error clear until the logs are deleted as illustrated in Resolution section.

Powered by Wolken Software