Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

Smart Event not showing Accepted Log

Jump to solution

Smart Event not showing Accepted and the Clean up rule is ANY ANY ALLOW. 

In the Event when i select the policy package in the filter, the ACCEPT logs shows 0. I changed the Log  to Detailed and Extended and after the Accept log was available but when expanding the logs again it shows only DETECT logs.

Please any one help on this issue.

Tags (1)
1 Solution

Accepted Solutions
Highlighted
Employee+
Employee+

Re: Smart Event not showing Accepted Log

Jump to solution

What Phoneboy suggested is the older but possible option to correlate FW logs into Correlated Events that the SME will show (should work).

the better R80.10 & above alternative option is to generate a 'Session' log from your FW Rulebase policy, as All Session logs are indexed & shown by the SME.

using this method, you can decide which rules specifically to log into Session logs to also get indexed & shown by the SME.

How-To: Relevant rule > Track > R-Click > More > Activate log 'per Session'.

I'd advise to disable the 1st suggested option of activating Consolidated FW Sessions, if you decide on the 2nd Rulebase 'per Session' option, as it only puts an unnecessary load on your SME server to consolidate All FW logs into correlated events.

 

 

 

 

View solution in original post

0 Kudos
8 Replies
Highlighted
Admin
Admin

Re: Smart Event not showing Accepted Log

Jump to solution
Generally firewall logs are NOT correlated by SmartEvent by default.
They must be enabled in the Event Policy.
Highlighted
Nickel

Re: Smart Event not showing Accepted Log

Jump to solution

Is the above solution works for Rule Name and Rule Number Filter as am not able to filter with these two option.

Highlighted
Admin
Admin

Re: Smart Event not showing Accepted Log

Jump to solution

You need to ensure Firewall Sessions are correlated (they are not by default).
Click on Logs and Monitor > New Tab > SmartEvent Settings and Policy and enable Firewall Sessions as shown.
Push the Event Policy afterwords.

Capture.PNG

Highlighted
Copper

Re: Smart Event not showing Accepted Log

Jump to solution

Hello,

I did it as per screenshot, however I don't see any events from firewall blade.  Am I missing something more? 

Highlighted
Admin
Admin

Re: Smart Event not showing Accepted Log

Jump to solution
What is it that you're actually trying to get from SmartEvent related to these logs?
0 Kudos
Highlighted
Employee
Employee

Re: Smart Event not showing Accepted Log

Jump to solution
SE does not correlate standard fw logs by default.
Highlighted
Employee+
Employee+

Re: Smart Event not showing Accepted Log

Jump to solution

What Phoneboy suggested is the older but possible option to correlate FW logs into Correlated Events that the SME will show (should work).

the better R80.10 & above alternative option is to generate a 'Session' log from your FW Rulebase policy, as All Session logs are indexed & shown by the SME.

using this method, you can decide which rules specifically to log into Session logs to also get indexed & shown by the SME.

How-To: Relevant rule > Track > R-Click > More > Activate log 'per Session'.

I'd advise to disable the 1st suggested option of activating Consolidated FW Sessions, if you decide on the 2nd Rulebase 'per Session' option, as it only puts an unnecessary load on your SME server to consolidate All FW logs into correlated events.

 

 

 

 

View solution in original post

0 Kudos
Highlighted
Copper

Re: Smart Event not showing Accepted Log

Jump to solution

Very nice! This is exactly what I wanted. Now in SmartEvent I can see statistics of how many connections were made and how much data was transferred. Thanks!

0 Kudos