cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

SmartLog/Logs vs Tracker/fw.log in R8010

R80.10 Logs view (SmartLog) doesn't seem to find identical results from my dataset as the fw.log view (Tracker) does. My filter in both is something like 10.10.0.0/16 and they seem to find different hosts with that, with the same time limit. Logs view finds only one host and fw.log finds several as expected. Has anybody else run into this?

Tags (2)
4 Replies
XBensemhoun
Silver

Re: SmartLog/Logs vs Tracker/fw.log in R8010

Maybe you're facing aggregated logs on SmartLog (especially if you're using Auto-Refresh functionality)?

Re: SmartLog/Logs vs Tracker/fw.log in R8010

No autorefresh there, but src:subnet OR dst:subnet finds what I want, instead of only subnet search. 

XBensemhoun
Silver

Re: SmartLog/Logs vs Tracker/fw.log in R8010

OK ; as Dameon mentioned: please engage TAC and update this thread

0 Kudos
Admin
Admin

Re: SmartLog/Logs vs Tracker/fw.log in R8010

It could be a aggregation issue as Xavier noted or it could be some sort of indexing issue.

I recommend engaging with the TAC to troubleshoot.