Export log entries

Log, alert, and audit data can be exported directly from the Logs view. Use the export command for large numbers of entries.

To schedule export tasks that are executed automatically, use the Log Data Tasks tool to export logs instead.

To export the data in a human-readable format, we recommend saving the entries in a .pdf or .html file instead. You can use this option when the exported data does not need further processing.

If you have defined an export banner, the text of the banner is added at the beginning of each exported HTML file to indicate that the export contains sensitive or classified data.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Logs.
  2. (Optional) To export only some of the entries that match your current Query, select some rows in the Records arrangement.
  3. Right-click one of the entries, then select Export > Export Log Events.
  4. Configure the settings, then click OK.

Result

The Task Status pane opens and shows the progress of the export.

Export Logs dialog box

Use this dialog box to export log, alert, and audit data.

Option Definition
File Export Format

Select the format in which to export logs.
  • Export Archive ZIP — Saves the data in a compressed proprietary format for possible later use in this or some other SMC.
  • Export XML — Saves the data in XML format. XML logs are suitable for conversion to different formats, such as HTML, using external XML conversion tools. To produce the results you want, you can develop your own conversions.
  • Export CSV — Saves the data as a comma-separated value (CSV) file. CSV logs are suitable for reading and further processing in spreadsheets and other similar uses.
  • Export Short CSV — Saves a reduced set of the data as a comma-separated value (CSV) file. Use this format when exporting log data for the Cloud Discovery Tool.
  • Export CEF — Saves the data in common event format (CEF). CEF logs are suitable for converting data to syslog format.
  • Export LEEF — Saves the data in log event extended format (LEEF). LEEF logs are suitable for converting data to syslog format.
  • Export ESM — Saves the data in McAfee ESM format. McAfee ESM logs are suitable for converting logs to a syslog format that is compatible with McAfee Enterprise Security Manager.
  • Archive — Saves the data in an uncompressed proprietary format for possible later use in this or some other SMC.
Export

Specify which logs to export:
  • Selected Logs — Exports only the selected entries.
  • Filtered Logs — Exports all entries that match the filter criteria specified in the Query pane of the Logs view.
Destination file

Specify a name for the destination file, then select where to export it:
  • Server ('export' Directory) — Exports to a file on the Log Server.

    Path: <installation directory>/data/export

  • Local Workstation — Saves the file on your computer.
For the Archive file export format, select one of the archive directories defined in the Log Server’s configuration file from the drop-down list.
If file already exists

(All formats except Archive)

Specify what happens when a previous file with the same name exists in the same folder:
  • Append — The new data is inserted at the end of the existing file. This option is not supported for traffic recordings.
  • Overwrite — The previous file is replaced with the new export file.
  • Use Number in File Name — A number is added to the end of the new file’s name.
  • Fail Task — The operation is canceled.
Open file after export

(Local Workstation exports only)

When selected, the exported file opens in the operating system's default application for the file type after the export operation completes.
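
The Export CEF option is described above as suitable for converting data to syslog format. The following Python code is an added example, not part of the product documentation or the vendor's tooling: it parses CEF records and frames each one as an RFC 5424 syslog message, rejecting malformed records instead of forwarding them. It assumes one record per line in the exported file; the host name smc-export, the local0 facility, the severity mapping, and the sample records are all assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample records (placeholder vendor/product/values), not real SMC output.
SAMPLE = [
    r"CEF:0|ExampleVendor|ExampleFW|1.0|70018|Connection_Allowed|3|src=192.0.2.10 dst=198.51.100.7 msg=allowed by rule 12",
    r"CEF:0|ExampleVendor|ExampleFW|1.0|70019|Pipe \| in name|8|src=192.0.2.11 msg=a\=b seen",
]
HEADER = ("version", "vendor", "product", "dev_version", "sig_id", "name", "severity")
# Seven pipe-terminated header fields (backslash escapes allowed), then the extension.
CEF_RE = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)$")
# An extension value runs up to the next " key=" token, so it may contain spaces.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def unescape(value):
    """Undo CEF escaping of pipe, equals sign and backslash."""
    return re.sub(r"\\([|=\\])", r"\1", value)

def parse_cef(line):
    """Return the header fields plus an 'ext' dict for one CEF record."""
    m = CEF_RE.match(line.strip())
    if not m:
        raise ValueError("not a complete CEF record")
    rec = {k: unescape(v) for k, v in zip(HEADER, m.groups())}
    rec["ext"] = {k: unescape(v) for k, v in EXT_RE.findall(m.group(8))}
    return rec

def syslog_severity(cef_sev):
    """Map CEF severity 0-10 to a syslog severity (mapping assumed for this example)."""
    try:
        n = int(cef_sev)
    except ValueError:
        return 5  # non-numeric severity: fall back to "notice"
    return 6 if n <= 3 else 4 if n <= 6 else 3 if n <= 8 else 2

def to_syslog(line, host="smc-export", facility=16, now=None):
    """Frame one CEF record as an RFC 5424 message, keeping the CEF text as the body."""
    rec = parse_cef(line)  # raises on malformed input instead of forwarding it
    pri = facility * 8 + syslog_severity(rec["severity"])
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    msgid = rec["sig_id"] if re.fullmatch(r"[!-~]{1,32}", rec["sig_id"]) else "-"
    return f"<{pri}>1 {ts:%Y-%m-%dT%H:%M:%SZ} {host} CEF - {msgid} - {line.strip()}"

if __name__ == "__main__":
    for record in SAMPLE:
        print(to_syslog(record))
```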