You want to know how to extract the data stored in the IWSVA database so that it can be processed by a third-party tool.
IWSVA stores all logs in raw format in the following location:
You can use a script to convert the data into a readable format. The converted data can be processed further, but note that Trend Micro does not supply or support any tool for this purpose.
To convert the raw logs, use the following script:
import sys, zlib

if __name__ == '__main__':
    # usage: python toraw.py <raw_log_file_name> <output_file_name.txt>
    with open(sys.argv[1], 'rb') as i:
        data = zlib.decompress(i.read())  # raw logs are stored zlib-compressed
    with open(sys.argv[2], 'wb') as o:
        o.write(data)
To use the script:
Save the script in /root with the extension ".py", for example: toraw.py
Run it using the following command:
python /root/<scriptname.py> <raw_log_file_name> <output_file_name.txt>
python /root/toraw.py /etc/iscan/commonlog_data/log_block/0/1445862900_6cbf95f2-7bde-11e5-bc6b-005056011094.log text.txt
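The script above converts one file at a time. The following added example (not Trend Micro's code) generalizes it to a whole log_block tree, mirroring the directory layout into an output folder and skipping files that are not a complete zlib stream instead of aborting the export; the sample files and their contents are constructed, not real IWSVA records.

```python
import os
import zlib
import tempfile


def convert_log_tree(src_dir, dst_dir):
    """Decompress every IWSVA raw *.log under src_dir into dst_dir.

    The relative path is kept (log_block/0/<name>.log -> <name>.txt).
    Returns (converted, skipped): a file that is not a valid zlib stream
    (not a raw log, or still being written) is skipped, not fatal.
    """
    converted, skipped = [], []
    for root, _dirs, files in os.walk(src_dir):
        for name in sorted(files):
            if not name.endswith('.log'):
                continue
            src = os.path.join(root, name)
            with open(src, 'rb') as fh:
                try:
                    data = zlib.decompress(fh.read())
                except zlib.error:
                    skipped.append(src)
                    continue
            out_dir = os.path.join(dst_dir, os.path.relpath(root, src_dir))
            os.makedirs(out_dir, exist_ok=True)
            with open(os.path.join(out_dir, name[:-4] + '.txt'), 'wb') as out:
                out.write(data)
            converted.append(src)
    return converted, skipped


def demo():
    """Run the converter on constructed sample files (not real IWSVA data)."""
    base = tempfile.mkdtemp()
    src = os.path.join(base, 'log_block', '0')
    os.makedirs(src)
    # constructed: one valid compressed record and one file that is not zlib data
    with open(os.path.join(src, '1445862900_sample.log'), 'wb') as f:
        f.write(zlib.compress(b'constructed sample record\n'))
    with open(os.path.join(src, '1445862960_broken.log'), 'wb') as f:
        f.write(b'plain text, not a zlib stream\n')
    converted, skipped = convert_log_tree(os.path.join(base, 'log_block'),
                                          os.path.join(base, 'out'))
    return len(converted), len(skipped)


if __name__ == '__main__':
    print(demo())  # (1, 1): one file converted, one skipped
```

On an appliance, point src_dir at the log_block directory shown in the command above and dst_dir at an empty export folder.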
To understand the format of the raw logs, refer to /usr/trend/commonlog/config/schema/log_block/common_id.py.
Open common_id.py with a text editor to see how each entry maps to a field in the converted raw log.