Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jeff_Gao
Advisor

Why policy server can receive logs

Dear all

    I have a  separate log server of R80.10 and policy server also enable log feature.I just only configure gw send logs to log server,as below:

 

1.png

I think gw should only sends logs to log server and I confirmed it in LOGS&MONITOR,because LOGS&MONITOR can not display gw logs in policy server.

but when i see the logs below policy in policy server,all logs can full display,as below:

2.png

 

This is why, I can not understand what is the theory .thanks

 

0 Kudos
3 Replies
Amir_Senn
Employee
Employee

Hey Jeff,

All policy servers have the logging module activated.

You have a dedicated log server which is great IMO but some smaller operation might not need this solution and use the policy server as their log server.

You can still send logs to the server as a backup if the log server is down.

Also, if the policy server doesn't appear in the log server picker (in case there's only 1 you won't see the log server picker at all) it means it's probably not in index mode, which means that you need to open logs files manually.

Today all policy servers by default are set to index logs automatically. This means that if you don't see the log server picker it's either old configuration that was saved in the upgrade or you installed the policy server as both policy server and GW which will set it to non-index mode as well.

Amir Senn

Kind regards, Amir Senn
0 Kudos
Jeff_Gao
Advisor

I can't understand quite clearly.Does policy server will pull index logs from log server? so policy server can see policy logs? Is such?
0 Kudos
Amir_Senn
Employee
Employee

Servers with log module not necessarily index the logs, but if it does it saves it locally.

In index mode every query you make will check all indexes from all log servers that are marked in the log server picker, that means no matter were you're connecting, as long as servers are marked and the indexing is turned on, you'll check all of them.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events