Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Report\View - unable to filter ssh_version_2 service

Jump to solution

hey all

i tried to create a report on ssh_version_2 traffic and unable to filter it.

when i filtered by ssh, i only saw SSH v1 traffic that was blocked because SSH v1 are not allowed by policy.

but no mater how i tried to filter the report to all SSH traffic or ssh_version_2 traffic, i didn't get any results of ssh version 2.

in the logs i see the ssh_version_2 logs, and i can filter the log by this service.

any idea why it's acting like this?

 

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Employee+
Employee+

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

Kind regards, Amir Senn

View solution in original post

2 Replies
Highlighted
Employee+
Employee+

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

Kind regards, Amir Senn

View solution in original post

Highlighted
Participant
thanks amir
the "session" option was missing.
0 Kudos