Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martijn
Advisor
Advisor

Default track option set to 'Log' for a new rule

Hi all,

 

Is it possible to set the Track option for every new rule to 'Log' instead of 'None'?

We have a customer that would like to have this option because he logs every rule.

 

Regards,

Martijn.

12 Replies
Jerry
Mentor
Mentor

Martijn

when new rule is made by default "none" is applied but changing it manually to LOG isn't a big deal isn't it? When you script (API) new rule(s) creation then obviously you can set automatically to have new rules with "LOG" by default (see API on ATRG - search community or SK DB!) other than than I think "MANUAL" new rule creation will always be (IMHO) with NONE. As far as I know this has been always (since 20-25y) the case if I'm not mistaken ...
Jerry
Martijn
Advisor
Advisor

Hi,

 

It is not up to me to decide for the customer it is not a big deal changing the Track option.

 

The security policy (written and technical) is very strict for this customer. Every action on the network and systems must be logged. So to make is fool-proof, it would be nice if the default Track action was set to 'Log'.

 

I will tell the customer API is a way to do it, but from SmartConsole it is not yet an option.

 

Martijn.

Danny
Champion Champion
Champion

It is. Just enable it within Reporting Tools of your Global Properties.

Martijn
Advisor
Advisor

Hi,

 

I have tried this, but I cannot select my log server (which is the SmartCenter).

Only unused log servers are available. Not sure what that means.

 

I am missing something?

 

Regards,

Martijn

0 Kudos
PhoneBoy
Admin
Admin

Might be worth a TAC case to ask.
0 Kudos
Wolfgang
Authority
Authority

You need another logserver then your actual one. If you look at Dannie’s screenshot you‘ll see the small enhancement.

“you have to choose another logserver then the actual one“. Meaning you need more then one logserver to get this working.

if you have only the one on your smartcenter you need a second one.

0 Kudos
Hugo_vd_Kooij
Advisor

There is a dirty trick that may make this work.

Create a dummy log server object with the IP of the SmartCenter.

Totaly untested ....... but worth a shot.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Martijn
Advisor
Advisor

Did try this, but doe not work.

In my SmartCenter I get the log "Stopped Logging" one I ad a new object with the same IP as the SmartCenter an push a policy.

0 Kudos
Itall
Contributor

It is a very big deal if you have day where are too many changes on firewall. Default logging behavior should be optional as is setting the default source/destination behavior. With API this easy, but not all companyes working with API.

0 Kudos
Wolfgang
Authority
Authority

We had a customer with similar requirements and some more pre defined values.

we created some rules with pre filled settings, like log, install target, description and part of the name. This rule is disabled and placed as first rule in different sections of the rulebase. 

Now you can copy and paste this rule and start a new rule with predefined values. It‘s simple, not the best solution but very helpful.

Hugo_vd_Kooij
Advisor

Interresting workaround.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
JozkoMrkvicka
Authority
Authority

Another dirty workaround:

Check via API all rules which doesnt have logging set, change it and push the firewall.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events