When will CP log session?
Assume we have enabled log all. Sometimes we can capture packets on the GW but cannot find any log records. When will CP log a session? At session end or at session begin?
Will CP log when it receives and sends an echo request but does not receive any echo reply packets?
Will CP log when it receives and sends a SYN but does not receive any SYN+ACK?
Will CP log when it receives and sends UDP packets but does not receive any UDP reply?
A session or a connection? Connections are logged after the first packet (SYN) matched to the rulebase. Session log (with multiple connections) appears a bit later, after consolidation.
Now, if you do not see logs, there might be some other issue, from a SmartLog filter to the GW not sending logs to the log server. Could you elaborate on an actual case?
In addition to the above, if a similar session was seen in the last 60 seconds, that won’t get logged either.
Like Val said, a precise case where you think you should be seeing logs but aren’t would be helpful.