
Is it possible to log out of state packets only for system running 77.30?

I have MDS version 80.10 and Gateways running 77.30 with multiple VFs. I was hoping to have all out of state packets received by the firewall logged. Is there an inspect command that can help us achieve that?

Regards, 

KS. 

5 Replies
Pearl

On Firewall Management: fwm logexport -n -p | grep state

On Firewall Gateway: fw ctl zdebug drop | grep state

# fwm logexport -help

Usage:
fwm logexport [-d delimiter] [-i filename] [-o filename] [-f|-t] [-x start_pos] [-y end_pos] [-z] [-n] [-p] [-a] [-u unification_scheme_file] [-m (initial|semi|raw)]
Where:
-d - Set the output delimiter. Default is ';'.
-i - Input log file name. Default is the active log file, fw.log.
-o - Output file name. Default is printing to the screen.
-f - Only in case of active log file - Upon reaching end of file, wait for new records and export them as well.
-t - Same as -f flag, only start at end of file.
-x - Start exporting at the specified position.
-y - End exporting at the specified position.
-z - Continue exporting the next records, in case of an error. Default is to stop exporting.
-n - No IP resolving. Default is to resolve all IPs.
-p - No port resolving. Default is to resolve all ports.
-a - Export account records only. Default is export all records.
-u - Unification scheme file name. Default is log_unification_scheme.C.
-m - Unification mode: initial-order, semi-unified, or raw. Default is 'initial'.

0 Kudos
Admin

In Global Properties:

0 Kudos
Nickel

Hi all,

I have an additional question.

Is it possible to log out of state packets but without dropping?

Thanks a lot for replies.

Regards

N.

0 Kudos
Admin

Out of State packets that are allowed are treated as new connections and evaluated against the rulebase.
If the rule matched is configured to log, then you will get a log.
0 Kudos
Nickel

Hi @PhoneBoy ,

Thank you for your reply.

In order to be sure I understand your reply: if I disable TCP out of state packet drop in Global Properties, and log a rule in my policy that matches a TCP out of state packet, the tracker will show "Action field: accept" and "Information field: tcp out of state packet". Is this what you said?

 

 

0 Kudos