ICMP log cannot view on Security Management

leangm · ‎2022-07-06

Hello everyone.

I have one question, I wonder about related ICMP logs on security management

I want to track the ping log on the gateway but don't know why ICMP ping cannot monitor on Smart-Console management, while other logs can view.

Scenarios:

- from client host ping to goole.com or 8.8.8.8, ping packet replied from google.com or 8.8.8.8 this client during ping when viewing on smart console by filter src and dst cannot see the icmp log, But when I run tcpdump capture src and dst on gateway I can see the real-time packet client being generate ping to google.com.

Could anyone help to explain the issue of why I cannot view ICMP ping on smart console?

Appreciated your response!

Wolfgang · ‎2022-07-06

@leangm You have to set the Track field to "log" in your rule allowing these ping if you want to see it in the LOGs.

Screenshot 2022-07-07 064244.png

If you allow ICMP via implied rules maybe you don't log inmplied rules. You have to set the following:

Screenshot 2022-07-07 064147.png

leangm · ‎2022-07-07

yes, the implied rule I have checked and logged for tracking, and updated the policy to gateway

but I still cannot view on log for icmp

Wolfgang · ‎2022-07-07

@leangm your screenshot does not show "Log Implied Rules" enabled.

Did you see other logs?

Do you have a filter active in the LogView ?

leangm · ‎2022-07-07

For the first time Log Implied Rules" enabled check on the box track

I see you mentioned " If you allow ICMP via implied rules maybe you don't log inmplied rules. You have to set the following:"

Did you see other logs?

A-Don't see the icmp logs

Do you have a filter active in the LogView ?

A- Yes I have filter src and dst on logs and monitor but didn't see

Amir_Senn · ‎2022-07-31

Try to use explicit log in your rulebase.

Kind regards, Amir Senn

Are you a member of CheckMates?

ICMP log cannot view on Security Management