Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Herschel_Liang
Collaborator

When will CP log session?

Assumption we have enabled log all. Sometimes, maybe we can capture packets in GW but can not find any logs record. When will CP log session? Log at session end or session begin?

Will CP log when receive and send echo request but not receive any echo reply packets?

Will CP log when receive and send SYN but not receive any SYN +ACK?

Will CP log when receive and send UDP packets but not receive any UDP reply?

0 Kudos
2 Replies
_Val_
Admin
Admin

A session or a connection? Connections are logged after the first packet (SYN) matched to the rulebase. Session log (with multiple connections) appears a bit later, after consolidation.

Now, if you do not see logs, there might be some other issue, from a SmartLog filter to GW not sending logs to the log server. Could you elaborate an actual case?

PhoneBoy
Admin
Admin

In addition to the above, if a similar session was seen in the last 60 seconds, that won’t get logged either.
Like Val said, a precise case where you think you should be seeing logs but aren’t would be helpful.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events