Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bernard
Explorer

Question about log records

Hey,
I couldn't find anywhere answer so I will ask here a silly question about log records. Sometimes in logs (via Logs & Monitor) I can see that in Blade column there are values like Multiple Blades (QoS with Firewall) or some single blades - QoS or Firewall.
When record contains Firewall blade then I can get the rule number via which user accessed some resources. But in some records there is only QoS blade - log details shows src IP, dst IP, ports, action etc., but there is no rule number. If the action was "Accept" does it mean that user accessed the destination at the time the QoS record was recorded, even if there are no records from Firewall blade?
I have no idea how to interpret that kind of log records 😞 Maybe you could enlighten me.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

QoS wouldn’t apply until after traffic was accepted by an Access Policy rule.
However, what you’re describing suggests either the accepting rule isn’t being logged or the relevant log was consolidated into a session where the start date/time is different (this doesn’t appear together).

Might be worth a TAC case to have them investigate.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events