Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

Report\View - unable to filter ssh_version_2 service

Jump to solution

hey all

i tried to create a report on ssh_version_2 traffic and unable to filter it.

when i filtered by ssh, i only saw SSH v1 traffic that was blocked because SSH v1 are not allowed by policy.

but no mater how i tried to filter the report to all SSH traffic or ssh_version_2 traffic, i didn't get any results of ssh version 2.

in the logs i see the ssh_version_2 logs, and i can filter the log by this service.

any idea why it's acting like this?

 

 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Employee+
Employee+

Re: Report\View - unable to filter ssh_version_2 service

Jump to solution

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

View solution in original post

2 Replies
Highlighted
Employee+
Employee+

Re: Report\View - unable to filter ssh_version_2 service

Jump to solution

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

View solution in original post

Iron

Re: Report\View - unable to filter ssh_version_2 service

Jump to solution
thanks amir
the "session" option was missing.
0 Kudos