cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
cdrik
Iron

Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution

Hello,

Our clusterXl gateways are configured to send their tracked rules logs to our management servers and we have also enabled to send all rule logs to another dedicated log server. (configured in Reporting tool).

Everything is working as expected in R77.30 but we have upgraded one of our cluster to r80.20 and since then this cluster does only logs rules with the track option set to 'log'. On our management server and also on our dedicated log server...

Is it still possible to keep logs of all rule in R80.20 without being force to set all rule in 'log'?

regards,

Cedric

0 Kudos
1 Solution

Accepted Solutions

Re: Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution

I assume he is talking about the "complimentary log" feature:

image.pngReporting Tools

This is not supported since R80.10 sk122486:

image.pngsk122486

 

This information was published after a case of our customer, where we got the following information:
- The complementary log was supported in R80.10, but did not work due to bug.
- We can confirm that this feature is not supported in R80.20 and R80.30 - the sk122486 is correct.
- This feature hopefully will be brought back in next releases, but there is no concrete plan.

Btw. this customer used this feature for the following:
- Log specific rules for audit purpose to one log server with long retention period
- Log all rules for troubleshooting purpose to other log server with really short retention period

View solution in original post

5 Replies
Admin
Admin

Re: Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution
From your description, it sounds like this was configured in SmartReporter, which definitely no longer exists in R80.x.
In which case, I don't believe this function exists in R80.x.
0 Kudos
Employee+
Employee+

Re: Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution

You said that you'll have to turn the tracking option to "log" in order for the rule to generate logs. This is correct. If you have application control/URL filtering enabled in the policy you can also use extended or detailed logging types.

Can you explain how the logging was configured in R77.30?

0 Kudos

Re: Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution

I assume he is talking about the "complimentary log" feature:

image.pngReporting Tools

This is not supported since R80.10 sk122486:

image.pngsk122486

 

This information was published after a case of our customer, where we got the following information:
- The complementary log was supported in R80.10, but did not work due to bug.
- We can confirm that this feature is not supported in R80.20 and R80.30 - the sk122486 is correct.
- This feature hopefully will be brought back in next releases, but there is no concrete plan.

Btw. this customer used this feature for the following:
- Log specific rules for audit purpose to one log server with long retention period
- Log all rules for troubleshooting purpose to other log server with really short retention period

View solution in original post

cdrik
Iron

Re: Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution
thanks for your reply.
It is indeed the feature that I was looking for. We use this for troubleshooting.
I guess I will have to put all rules in 'log' to keep this option.
0 Kudos

Re: Enable tracking all rule not working after upgrade to R80.20 ?

Jump to solution

I ran across this limitation after upgrading to R80.10, too  and contacted TAC. At the beginning, they had no idea that this feature was not working(...).  At the end of this SR they stated, it will be supported in R80.20

After the upgrade to R80.20 I recognized that this feature is still not working: so I contacted TAC again.

The final answer:

"Here is the statement we received from the R&D Group Manager regarding this feature:
    - The complementary log was supported in R80.10, but did not work due to bug.
    - We can confirm that this feature is not supported in R80.20 and R80.30 - the sk122486 is correct.
    - This feature hopefully will be brought back in next releases, but there is no concrete plan."

0 Kudos