Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ykpark
Contributor

Firewall log decrease after R80.40 upgrade

 

Dear all,

The customer upgraded the version of the firewall and management server from R80.30 to R80.40.

They said that the log events decreased after the version upgrade.
Customers report that the average daily fw log for the firewall has decreased from 35 million to 13,000.

(All upgraded firewalls are showing the same problem.)

Too many differences have occurred. We want to find out why this number of fw log has decreased.

Please advise if you have had a similar problem to us or how to find this problem.

Thanks

 

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee

How much disk space is available, are the raw log files there and it's just an indexing issue?

sk167511: Log indexing is delayed after an upgrade to R80.40

If you have the latest Jumbo applied might be worth discussing your symptoms with TAC.

CCSM R77/R80/ELITE
0 Kudos
ykpark
Contributor

Hi, 

Thank you for your answer.

It is being sent to the log server using the log export function.
Could it be an issue with log server delivery if there is an issue with indexing lag?

Thanks.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

So to clarify are the logs there on the CP Mgmt/Log server they just aren't being received at the SIEM end in the same volumes as before?

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events