Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Iron

Report\View - unable to filter ssh_version_2 service

Jump to solution

hey all

i tried to create a report on ssh_version_2 traffic and unable to filter it.

when i filtered by ssh, i only saw SSH v1 traffic that was blocked because SSH v1 are not allowed by policy.

but no mater how i tried to filter the report to all SSH traffic or ssh_version_2 traffic, i didn't get any results of ssh version 2.

in the logs i see the ssh_version_2 logs, and i can filter the log by this service.

any idea why it's acting like this?

 

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Employee+
Employee+

Re: Report\View - unable to filter ssh_version_2 service

Jump to solution

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

View solution in original post

2 Replies
Highlighted
Employee+
Employee+

Re: Report\View - unable to filter ssh_version_2 service

Jump to solution

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

View solution in original post

Highlighted
Iron

Re: Report\View - unable to filter ssh_version_2 service

Jump to solution
thanks amir
the "session" option was missing.
0 Kudos