D_TK
Advisor

Take logging out of the implied rules

Happy Friday everyone.

Always running low on space on our current log server, so I've provisioned a new one with 40T of space and am trying to get it receiving logs.  This server is on the inside of my network and privately addressed, so I need the logs to traverse the VPN path.

Management is R82 and gateways are R81.20.

Per the guide, the salient implied rules file is: /opt/CPR8120CMP-R82/lib/implied_rules.def

So I made this change: /* #define ENABLE_FWD_LOG */

After pushing policy to a gateway the logging continues to go out on the implied rule 0.


Any ideas on what I've missed here would be appreciated.

 

Thanks.

 

0 Kudos
7 Replies
the_rock
MVP Gold

If you go to SmartConsole, security policy -> implied rules, see if it's logged or not; you can uncheck it there.

Andy

0 Kudos
the_rock
MVP Gold

@D_TK 

I attached a short video of what I meant. If this does not work, and what you tried failed as well, I would definitely verify with TAC.

Andy

0 Kudos
D_TK
Advisor

Thanks Andy.  I reread my initial post and I probably wasn't very clear.  I don't want to change the actual logging of the traffic that matches the implied rules.  I want to change the way the gateway communicates with its log server - the actual tcp/257 traffic.  And I only want to change this behavior for logging since I have logs and management separate, the normal management <-> gateway control connections would stay the same.

 

Per what I read and what I've done in the past for LDAP, this implied rule setting should control that.

/* #define ENABLE_FWD_LOG */

I guess I'll open a TAC case on Monday.

Have a great weekend.

 

the_rock
MVP Gold

I would get an official TAC response, agreed.

Have a good 1, as kids would say these days 🙂

Andy

0 Kudos
the_rock
MVP Gold

Hey @D_TK 

Were you able to figure this out?

Andy

0 Kudos
D_TK
Advisor

With the help of a TAC case, yeah.  I'm "pretty" sure the order that I did was:  modify implied rules file \ installed database only to the new log server \ and then pushed policy to the gateway.

TAC had me install database on everything  - 2 log servers and management...and then push policy again.  Started working immediately.  

That's why we all have support!

 

 

 

 

the_rock
MVP Gold

Great news!

0 Kudos
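
A sanity check for the file edit discussed in this thread, as an added example that is not code from any poster or from Check Point: it reports whether a macro such as ENABLE_FWD_LOG is still live anywhere in a .def file, so a second uncommented copy is caught before policy is pushed. The helper name define_state and the sample file are assumptions, and C-style comments are assumed for the file format.

```sh
#!/bin/sh
# Added example: report whether a cpp-style #define is live in a .def file.
# define_state is a hypothetical helper name, not a Check Point tool.
# Usage: define_state FILE MACRO  -> prints active | commented | absent
define_state() {
    awk -v macro="$2" '
    BEGIN {
        tail = macro "([^A-Za-z0-9_]|$)"
        active_re = "^[ \t]*#[ \t]*define[ \t]+" tail
        any_re = "#[ \t]*define[ \t]+" tail
        state = "absent"; in_block = 0
    }
    {
        rest = $0; code = ""
        # Drop /* ... */ spans, including ones that continue across lines.
        while (rest != "") {
            if (in_block) {
                e = index(rest, "*/")
                if (e == 0) { rest = "" }
                else { rest = substr(rest, e + 2); in_block = 0 }
            } else {
                s = index(rest, "/*")
                if (s == 0) { code = code rest; rest = "" }
                else {
                    code = code substr(rest, 1, s - 1)
                    rest = substr(rest, s + 2); in_block = 1
                }
            }
        }
        sub(/\/\/.*/, "", code)   # drop // comments
        # One live copy anywhere in the file wins over commented copies.
        if (code ~ active_re) state = "active"
        else if (state != "active" && $0 ~ any_re) state = "commented"
    }
    END { print state }' "$1"
}

# Constructed sample, not the real implied_rules.def contents.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#define ENABLE_EXAMPLE_OTHER
/* #define ENABLE_FWD_LOG */
EOF
echo "ENABLE_FWD_LOG: $(define_state "$sample" ENABLE_FWD_LOG)"
rm -f "$sample"
```

On the management server the FILE argument would be the path quoted in the original post. As the thread's resolution shows, a "commented" result only confirms the edit; the change took effect after the database was installed on both log servers and management and policy was pushed again.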