|Applies to Product:||USM Appliance™||AlienVault OSSIM®|
Raw logs can be exported as a text file for offline analysis, backup storage, or for evidence.
To export raw logs from the USM Appliance web UI<![CDATA[ ]]>
- Go to Analysis > Raw Logs and search for the raw log related to the alarm you are investigating.
- After filtering your results with the search, click Exports.
If you have never exported any raw log files before this, USM Appliance displays, No export files found.
Select either Screen Export or Entire Export.
- Screen Export exports only the entries displayed on the screen.
- Entire export exports the entire search result. When you select this, USM Appliance limits the export to 249,999 logs.
After selecting the logs you want exported, click the Download icon.
Important: The Logger stores all timestamps in UTC timezone format internally, so all exports will be formatted accordingly. This is important to consider for raw log storage, search tools, and raw log backup, as the timestamps and dates on disk will follow this protocol.
For example, an security event recorded on January 20, 2017 at 22:00 EST (GMT-5) will be stored internally on disk in file located in /var/ossim/logs/2017/01/21/03/sensor_ip/timestamp-for-logfile.log