
viewing LOG - filter on NAT rule #

Hi,

I'm using the Logs & Monitor of Domain Management Server ( R80.10 ) on a VS ( R77.30 ).

I'm looking for the field name of "Xlate (NAT) Source IP"  to use in the query in Logs & Monitor.

(Already tried filtering using the "Copy Rule UID" of the NAT rule and using it with fieldname rule_uid. )

The drop down list of "other fields"

I hope there's a complete list of field names somewhere. 

Thanks in advance.

Kind regards,

Gerard van Leeuwen

15 Replies
Employee+

Re: viewing LOG - filter on NAT rule #

While on the logs page, you can right-click the grey column header and then select 'Edit Profile'. From there you can search for various columns to add; search for Xlate and you should find what you are looking for. Trying to add screenshots but having trouble.

0 Kudos

Re: viewing LOG - filter on NAT rule #

I already did add the columns Xlate*. That works well.

But I'd like to use it as a filter.

0 Kudos
Employee+

Re: viewing LOG - filter on NAT rule #

Typically you can click on the column headers and add a filter from there. The option is grayed out for me, so I think it is a bad sign. I've asked some other resources; maybe Tomer Sole can have a suggestion.

0 Kudos
XBensemhoun
Silver

Re: viewing LOG - filter on NAT rule #

Where could we see indexed fields, Joshua Hatter?

0 Kudos
Employee+

Re: viewing LOG - filter on NAT rule #

Outside the API my management expertise is limited. My best guess is anything in the "Add a search field:" section once you click in the filter bar. Hoping Tomer or someone else can add some feedback. Russell Seifert

Employee+

Re: viewing LOG - filter on NAT rule #

Hi,

xlatesrc = Xlate (NAT) Source IP
xlatedst = Xlate (NAT) Destination IP
xlatesport = Xlate (NAT) Source Port
xlatedport = Xlate (NAT) Destination Port

Example in filter:

xlatesport:33028

xlatedst:10.1.0.0

0 Kudos
XBensemhoun
Silver

Re: viewing LOG - filter on NAT rule #

Only available starting R80* ?

(on R77.30 SmartLog)

0 Kudos
Employee+

Re: viewing LOG - filter on NAT rule #

Correct. The NAT fields were not indexed to be searchable on R77.30 and lower due to performance reasons.

0 Kudos

Re: viewing LOG - filter on NAT rule #

I'm sorry Russell. xlatesrc:172.20.0.4 does not work and I'm 100% sure there's such traffic.

I'm aiming the filter for NAT rule number.

The gateways are R77.30 now. Ok I have to wait for this option until those are updated.

Re: viewing LOG - filter on NAT rule #

Hello All,

I am running R80.10 SMS and R77.30 Gateways (both running the latest Jumbos). I am also having the same issue: I added the Xlate src IP field to my columns by editing the profile, but searching xlatesrc: public IP does not work. But just entering the public IP in the search without any filters does seem to work at times, but not all times.

So, must my GWs be on R80+ for this xlate-based indexing to work, or is it just the SMS that needs to be on R80+?

Thanks.

0 Kudos
Admin

Re: viewing LOG - filter on NAT rule #

This is a management/logging feature, the version of gateway is not that relevant.

0 Kudos

Re: viewing LOG - filter on NAT rule #

So, any thoughts on why the issue still exists in R80+ SMS?

Hope this helps other users as well.

Thanks.

0 Kudos
Admin

Re: viewing LOG - filter on NAT rule #

Sounds like an indexing issue, in which case it's probably worth opening a ticket with the TAC to investigate.

0 Kudos
Raj_Khatri
Copper

Re: viewing LOG - filter on NAT rule #

Has anyone figured out how to filter SmartLog for NAT Rule Number? When filtering for Access Rule Number it uses "rule:" in the query syntax. However, for NAT Rule Number it uses just the rule number in the query syntax, which returns no results.

You are able to filter from SmartView Tracker though... This is on R80.10 management.

Raj_Khatri
Copper

Re: viewing LOG - filter on NAT rule #

So after working with TAC, it appears that the NAT Rule Numbers are not indexed. The only workaround is to open an individual log file and use the following query - nat_rulenum: 123

An RFE has been submitted for this request.