Martijn
Collaborator

Default track option set to 'Log' for a new rule

Hi all,

Is it possible to set the Track option for every new rule to 'Log' instead of 'None'?

We have a customer that would like to have this option because he logs every rule.

Regards,

Martijn.

11 Replies
Jerry
Leader

Martijn

When a new rule is made, "none" is applied by default, but changing it manually to LOG isn't a big deal, is it? When you script (API) new rule(s) creation, then obviously you can automatically have new rules created with "LOG" by default (see API on ATRG - search community or SK DB!). Other than that, I think "MANUAL" new rule creation will always be (IMHO) with NONE. As far as I know this has always been the case (for 20-25y), if I'm not mistaken ...
Jerry
Martijn
Collaborator

Hi,

It is not up to me to decide for the customer that changing the Track option is not a big deal.

The security policy (written and technical) is very strict for this customer. Every action on the network and systems must be logged. So to make it fool-proof, it would be nice if the default Track action was set to 'Log'.

I will tell the customer the API is a way to do it, but from SmartConsole it is not yet an option.

 

Martijn.

Danny
Champion

It is. Just enable it within Reporting Tools of your Global Properties as shown in this screenshot:

martijn.png

Martijn
Collaborator

Hi,

I have tried this, but I cannot select my log server (which is the SmartCenter).

Only unused log servers are available. Not sure what that means.

Am I missing something?

Regards,

Martijn

0 Kudos
PhoneBoy
Admin

Might be worth a TAC case to ask.
0 Kudos
Wolfgang
Leader

You need another log server than your actual one. If you look at Danny's screenshot you'll see the small enhancement.

"You have to choose another log server than the actual one". Meaning you need more than one log server to get this working.

If you have only the one on your SmartCenter, you need a second one.

0 Kudos
Hugo_vd_Kooij
Advisor

There is a dirty trick that may make this work.

Create a dummy log server object with the IP of the SmartCenter.

Totally untested ....... but worth a shot.

0 Kudos
Martijn
Collaborator

Did try this, but it does not work.

In my SmartCenter I get the log "Stopped Logging" once I add a new object with the same IP as the SmartCenter and push a policy.

0 Kudos
Wolfgang
Leader

We had a customer with similar requirements and some more predefined values.

We created some rules with prefilled settings, like log, install target, description and part of the name. This rule is disabled and placed as the first rule in different sections of the rulebase.

Now you can copy and paste this rule and start a new rule with predefined values. It's simple, not the best solution but very helpful.

Hugo_vd_Kooij
Advisor

Interesting workaround.

0 Kudos
JozkoMrkvicka
Leader

Another dirty workaround:

Check via API all rules which don't have logging set, change it and push the firewall.

Kind regards,
Jozko Mrkvicka
0 Kudos
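
The API-based audit suggested above, sketched as an added example that is not from the thread or from Check Point: it walks a `show-access-rulebase` reply, finds every rule whose Track is None (including rules nested in sections), and builds the `set-access-rule` bodies that switch them to Log. The sample reply is constructed and trimmed, and the layer name `Network` and all UIDs are placeholders.

```python
# Added example: audit a show-access-rulebase reply for rules with Track "None".
# SAMPLE_REPLY is constructed and trimmed; UIDs and names are placeholders.
SAMPLE_REPLY = {
    "objects-dictionary": [
        {"uid": "uid-track-none", "name": "None", "type": "Track"},
        {"uid": "uid-track-log", "name": "Log", "type": "Track"},
    ],
    "rulebase": [
        {"type": "access-section", "name": "Servers", "rulebase": [
            {"type": "access-rule", "uid": "uid-rule-1", "name": "web in",
             "rule-number": 1, "track": {"type": "uid-track-log"}},
            {"type": "access-rule", "uid": "uid-rule-2", "name": "db admin",
             "rule-number": 2, "track": {"type": "uid-track-none"}},
        ]},
        {"type": "access-rule", "uid": "uid-rule-3", "name": "cleanup",
         "rule-number": 3, "track": {"type": {"name": "None"}}},
    ],
}


def track_name(rule, names_by_uid):
    """Return the Track type name, whether given as a UID or an inline object."""
    ref = rule.get("track", {}).get("type")
    if isinstance(ref, dict):
        return ref.get("name", "None")
    return names_by_uid.get(ref, "None")  # missing or unresolved is flagged too


def rules_without_logging(reply):
    """Walk sections recursively; return access rules whose Track is None."""
    names = {o["uid"]: o["name"] for o in reply.get("objects-dictionary", [])}
    found = []

    def walk(entries):
        for entry in entries:
            if entry.get("type") == "access-section":
                walk(entry.get("rulebase", []))
            elif entry.get("type") == "access-rule":
                if track_name(entry, names) == "None":
                    found.append(entry)

    walk(reply.get("rulebase", []))
    return found


def fix_payloads(layer, rules):
    """Build one set-access-rule request body per unlogged rule."""
    return [{"uid": r["uid"], "layer": layer, "track": {"type": "Log"}}
            for r in rules]
```

Each body goes to `set-access-rule`, followed by `publish` and a policy install; running the audit on a schedule catches rules that were created manually with the default Track.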