topic Re: Logging issues in R81.10 in Firewall and Security Management

Logging issues in R81.10

the_rock — Mon, 03 Oct 2022 14:01:52 GMT

Hey guys,

I hope someone might be able to shed some light about this. So, while back, I set up a lab with base R81, mgmt server + 2 single gateways and all works fine, no issues. I upgraded all to R81.10 and still going strong : -).

Now, the other week, to demonstrate R81.10 from scratch to a customer, I built brand new R81.10 (mgmt server + HA cluster) and all seems fine, except I see some odd issues with logging. For example, if I refresh the logs in dashboard, looks okay, but...say if I ping 8.8.8.8 from either cluster member, I can never see any logs, which is not the case in my other lab (works fine). I followed support sk's for this, rebooted many times, did fw logswitch, literally all the steps and still no luck.

I am totally at a loss why this would be happening, makes no logical sense to me.

If anyone can provide some suggestions, I would appreciate it. Anyway, its nothing urgent, since its a lab, but its really puzzling to me why its not working.

tx as always!!

Re: Logging issues in R81.10

PhoneBoy — Mon, 03 Oct 2022 16:23:51 GMT

Outbound traffic from the gateway is almost always handled through an implied rule that doesn't log, last I checked...

Re: Logging issues in R81.10

the_rock — Mon, 03 Oct 2022 16:28:30 GMT

Thanks @PhoneBoy . That makes sense, but then how come I see the log via right policy in my other lab?

Re: Logging issues in R81.10

PhoneBoy — Mon, 03 Oct 2022 16:41:14 GMT

Not sure, maybe the implied rules were changed?
Or perhaps there is a code changes that impacts this behavior somehow?

Re: Logging issues in R81.10

Abi — Mon, 03 Oct 2022 17:09:15 GMT

I hope you enable log in the rule that allows the traffic, my thought !

Re: Logging issues in R81.10

the_rock — Mon, 03 Oct 2022 17:30:51 GMT

I know even after 15 years it would be easy to forget, but it was enabled ;). I think @PhoneBoy is correct.

Re: Logging issues in R81.10

the_rock — Mon, 03 Oct 2022 17:31:26 GMT

Definitely no change in implied rules.

Re: Logging issues in R81.10

JozkoMrkvicka — Tue, 04 Oct 2022 05:52:47 GMT

Make sure the date and time are correctly configured on gateway and management (log server). You might see logs with huge delays while the date is not correct on one of devices. Best to use NTP to avoid issue.

Re: Logging issues in R81.10

the_rock — Tue, 04 Oct 2022 14:56:57 GMT

Thanks @JozkoMrkvicka , but that was not the issue, it was the first thing I checked actually. @PhoneBoy was 100% correct as usual...no offense to anyone else, but he is after all CP master/guru/legend/expert...whatever you want to call it :). I enabled to log implied rules and sure enough, it started to show logs to google dns right away. Funny enough, that option was NOT enabled in R81 and logs were showing actual rule number.