Skyhigh Security

Internal: In-house CAA logs processing

Below are the steps we perform to process CAA logs.

1. The customer CAA uploads a log file every day to the SFTP server. Each day we receive one zip file.
2. This SFTP server jblaircaa is synced locally to the location in
3. is a Linux VM we use to process CAA logs (kindly create an OPS Jira ticket to get access to this machine).
4. Under VM we have a script that rsyncs the logs from the jblaircaa server. This file can be found under "/shn/caalp/script".
5. The Enterprise Connector (EC) is installed under "/shn/caalp-test/".

The script "/shn/caalp/script/" rsyncs all the files and places them under "/shn/caalp/rsync/uploads". This is the location where the EC fetches the files and processes them. The script uses "Hemanth" SSH keys to scp the logs. It runs from crontab once every day; the entry can be viewed with the command "crontab -l".

I have also set up an email notification sent to "" once the rsync command runs for downloading the logs. This will notify me if the script is running fine. We can add an email address to the notification from crontab. The following cron jobs run every day:

00 14 * * * /shn/caalp/script
00 15 * * * /usr/bin/find /shn/caalp/logs/ -print -exec  ls -l {} \; 2>&1 | /usr/bin/mail -s "** logs in /shn/caalp/logs **"
00 15 * * * /usr/bin/find /shn/caalp/rsync/uploads/ -print -exec  ls -l {} \; 2>&1 | /usr/bin/mail -s "** logs in /shn/caalp/rsync/uploads **"
00 15 * * * find /shn/caalp/logs/ -mtime -1 -type f -print -exec ls -lh {} \; 2>&1 | /usr/bin/mail -s "** logs in /shn/caalp/logs **"
00 15 * * * find /shn/caalp/rsync/uploads -mtime -1 -type f -print -exec ls -lh {} \; 2>&1 | /usr/bin/mail -s "** logs in /shn/caalp/rsync/uploads **"

Follow these troubleshooting steps if we see inactivity for the tenant.

1. Check if the EC is running under the /shn/caalp-test directory:

  • cd /shn/caalp-test
  • ./shnlps status

2. If the EC is running fine, check whether the script is downloading the logs into /shn/caalp/rsync/uploads.
3. Every downloaded file has the timestamp of the log feed in its name. This tells us whether the latest logs have been downloaded.
4. If the logs are not downloaded, check whether the script under /shn/caalp/script is running fine. If so, check whether the SFTP server "jblaircaa" has the latest logs.
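
The troubleshooting steps above, combined into one triage script. This is an added example, not one of the scripts on the VM. The function names are hypothetical, "./shnlps status" is assumed to exit non-zero when the EC is down, and file modification time is used in place of the timestamp in the file name.

```shell
#!/bin/sh
# Added example: triage for tenant inactivity, following the steps above.
# Assumptions (not from the page): "./shnlps status" exits non-zero when the
# EC is down, and file mtime stands in for the timestamp in the file name.

# Step 1: is the EC running under EC_DIR? 0 = running, 1 = down, 2 = no shnlps.
ec_running() {
    [ -x "$1/shnlps" ] || return 2
    (cd "$1" && ./shnlps status >/dev/null 2>&1) || return 1
}

# Steps 2-3: number of regular files under DIR modified in the last 24 hours,
# the same "-mtime -1" window the cron report uses. Prints 0 if DIR is missing.
fresh_count() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f -mtime -1 | wc -l | tr -d ' '
}

# Most recently modified regular file directly under DIR (empty if none).
newest_file() {
    newest=
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest=$f; fi
    done
    printf '%s\n' "$newest"
}

# triage EC_DIR UPLOADS_DIR
# Returns 0 = EC up and fresh logs present, 1 = EC problem, 2 = logs stale.
triage() {
    if ! ec_running "$1"; then
        echo "EC is not running under $1 (check ./shnlps status)"
        return 1
    fi
    if [ "$(fresh_count "$2")" -eq 0 ]; then
        echo "No file newer than 24h in $2; newest: $(newest_file "$2")"
        echo "Next: check the rsync script run, then the SFTP server"
        return 2
    fi
    echo "EC running; $(fresh_count "$2") fresh file(s) in $2"
    return 0
}

# Run against the paths from this page when invoked with "run".
if [ "${1:-}" = "run" ]; then
    triage /shn/caalp-test /shn/caalp/rsync/uploads
fi
```

A return code of 2 corresponds to step 4: the EC is up but nothing new has arrived, so the rsync script and the SFTP server are the next things to check.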

If you face any issues, then send an email to with your query.

