SOLVED

View on-premise log collector files

New Contributor

Hi,

 

I set-up continuous reports with an on-premise docker container.  It works but MCAS is always rejecting my log format.  I'm using Firepower 64 log source and I noticed we are not sending the same date format (when fixing the log manually with the date format that MCAS likes, it succeed.).  So I'm rewriting the date format in syslog on the source but it is still failing.  Is there a way I can see the files that are sent to MCAS on the log collector ? Where are they stored ?

1 Reply
best response confirmed by SylvainH (New Contributor)
Solution

I finally got the answer to this thru another channel so I'm posting it here in case someone else has that question in the future.

 

docker exec -it <container name> /bin/bash

This will open a console for you, from which you can go the directory where the logs are located:

cd /var/adallom/syslog/portNumber

​Or

/var/adallom/syslog/rotated/portNumber

 

You can also check the status of the container:

docker exec ContainerName /etc/adallom/scripts/collector_status -p

www.000webhost.com