Troubleshooting
Security Analytics and Logging (OnPrem) General Troubleshooting Information
On the Manager, the following log file contains troubleshooting information related to Security Analytics and Logging (OnPrem):
- /lancope/var/logs/sal_preinstall.log - information specific to the app installation process
On the Flow Collector, the following log files contain troubleshooting information related to Security Analytics and Logging (OnPrem) Data Store deployment:
- /lancope/var/sw/today/logs/sw.log - information specific to telemetry logging
- /lancope/var/logs/containers/svc-db-ingest.log - information specific to event ingestion and the database
Security Analytics and Logging (OnPrem) Configuration Using Flow Collector Advanced Settings (Data Store Only)
If you configured your Flow Collector(s) to not store Firewall Logs during First Time Setup, you can update your ingest settings using the Flow Collector Advanced Settings page. To access Advanced Settings:
- Log in to your Flow Collector (formerly known as Appliance Administration (Admin) interface).
- Click Support > Advanced Settings.
- In the enable_sal field, enter 1 to enable ingest of Firewall event logs.
- If you want to change the port for Firewall logs, enter the new value in the sal_syslog_port field (default port is 8514).
- Click Apply and then click OK.