Forum Discussion
View on-premise log collector files
Hi,
I set-up continuous reports with an on-premise docker container. It works but MCAS is always rejecting my log format. I'm using Firepower 64 log source and I noticed we are not sending the same date format (when fixing the log manually with the date format that MCAS likes, it succeed.). So I'm rewriting the date format in syslog on the source but it is still failing. Is there a way I can see the files that are sent to MCAS on the log collector ? Where are they stored ?
I finally got the answer to this thru another channel so I'm posting it here in case someone else has that question in the future.
docker exec -it <container name> /bin/bash
This will open a console for you, from which you can go the directory where the logs are located:
cd /var/adallom/syslog/portNumber
Or
/var/adallom/syslog/rotated/portNumber
You can also check the status of the container:
docker exec ContainerName /etc/adallom/scripts/collector_status -p
1 Reply
I finally got the answer to this thru another channel so I'm posting it here in case someone else has that question in the future.
docker exec -it <container name> /bin/bash
This will open a console for you, from which you can go the directory where the logs are located:
cd /var/adallom/syslog/portNumber
Or
/var/adallom/syslog/rotated/portNumber
You can also check the status of the container:
docker exec ContainerName /etc/adallom/scripts/collector_status -p