Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
David_C1
Advisor

Hit counts show recent "Last hit" but no logs

Wondering if anyone else has encountered this issue. The hit counter for a certain rule shows a "Last hit" recently (seven days ago in the screenshot) but when I look in the actual logs, nothing shows up.

Hit counts.jpg

Track Settings are set to Log, no Accounting, Log Generation per Connection.

I'm trying to clean out a few rules that (I think) are unused.

Thanks,

Dave

 

0 Kudos
4 Replies
JozkoMrkvicka
Authority
Authority

I never used showing Logs per rule within the policy package - as it never worked.

Try to right click on the rule, then "Copy Rule UID". Go to SmartLog (SmartView) and paste the copied rule UID as filter string. Now you will get all logs for this one specific rule.

If you want to see logs from more rules, use logical operator "OR" between rule UIDs within the filter.

Kind regards,
Jozko Mrkvicka
David_C1
Advisor

Thanks for this tip. Once I got the search field name correct (layer_uuid_rule_uuid:) I was able to find logs from some rules that I would expect but not others. I also found that in at least one case, I had to remove the underscore _ to get results. In the Logging and Monitoring guide, it says:

For faster results, use this syntax in the query search bar:
layer_uuid_rule_uuid:*_<UID>
For example, paste this into the query search bar and click Enter:
layer_uuid_rule_uuid:*_46f0ee3b-026d-45b0-b7f0-5d71f6d8eb10

 

However, in at least one search, I didn't get results with the _ included. When I removed it and searched on *<UID> I got results.

Seems in general searching via Rule UID is at best unreliable.

Dave

 

the_rock
Legend
Legend

I had same issue before and TAC advised it could be cosmetic issue, but I never pursued it further. This was back in R80.10 version, though I still see same issue in R81.10

0 Kudos
birju
Explorer

Hi David,

I am facing a weird issue that there is not hit count and logs available at console but services are still running.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events