Views:

Follow these steps:

  1. Download virtual appliance logs from Vision One console.
    1. Log in to Trend Micro Vision One and switch to Service Gateway Management.

      Module state

    2. Choose your Service Gateway appliance and click it to go to the details page. Click Support.

      Module state

    3. Choose the time range and forward proxy service to collect log.

      Module state

      For this statistics, only forward proxy service is supported.

    4. Click Generate Log File and wait for the logs upload to notification center:

      Module state

  2. Download and then extract the logs package with "trend" and parse the logs:
    1. Extract package.

      Module state

    2. Check the file, access.log.

      Module state

    3. Refer to the log format to read the access log and check the agent connected with service gateway details.
      access log format
      
      1 Local time. Optional strftime format argument default %d/%b/%Y:%H:%M:%S %z
      2 Seconds since epoch
      3 Response time (milliseconds)
      4 Client source IP address
      5 request status (TCP_MISS/TCP_TUNNEL  etc)
      6 HTTP status code sent to the client (notes: if it is not 200, the connection is failure, should check network/firewall and so on)
      7 Total size of request received from client. Excluding chunked encoding bytes.
      8 Total size of reply sent to client (after adaptation)
      9 client guid, product name; client host name
      10 hierarchy status ( upsteam)
      11 Server FQDN or peer name
      12 MIME content type
      13 User-Agent
      14 HTTP status code received from the next hop
    4. Take the snap shot of the log. As shown in the example above, 10.206.139.224 is the agent IP, so you may check the agent details connected with this Service Gateway virtual appliance.