cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Is it possible to log out of state packets only for system running 77.30?

I have MDS version 80.10 and Gateways running 77.30 with multiple VFs. I was hoping to log all out of state packets received by the firewall to be logged? Is there an inspect command that can help us achieve that?

Regards, 

KS. 

2 Replies
Danny
Pearl

Re: Is it possible to log out of state packets only for system running 77.30?

On Firewall Management: fwm logexport -n -p | grep state

On Firewall Gateway: fw ctl zdebug drop | grep state

# fwm logexport -help

Usage:
fwm logexport [-d delimiter] [-i filename] [-o filename] [-f|-t] [-x start_pos] [-y end_pos] [-z] [-n] [-p] [-a] [-u unification_scheme_file] [-m (initial|semi|raw)]
Where:
-d - Set the output delimiter. Default is ';'.
-i - Input log file name. Default is the active log file, fw.log.
-o - Output file name. Default is printing to the screen.
-f - Only in case of active log file - Upon reaching end of file, wait for new records and export them as well.
-t - Same as -f flag, only start at end of file.
-x - Start exporting at the specified position.
-y - End exporting at the specified position.
-z - Continue exporting the next records, in case of an error. Default is to stop exporting.
-n - No IP resolving. Default is to resolve all IPs.
-p - No port resolving. Default is to resolve all ports.
-a - Export account records only. Default is export all records.
-u - Unification scheme file name. Default is log_unification_scheme.C.
-m - Unification mode: initial-order, semi-unified, or raw. Default is 'initial'.

0 Kudos
Admin
Admin

Re: Is it possible to log out of state packets only for system running 77.30?

In Global Properties:

0 Kudos