BikeMan
Contributor

Log field description

Dear all,

I have a question about the log field we have in Log Detail. We are using R80.20 on the firewall and R80.40 at the MDM level.

In the "More" section of the log, there is a field called "First". It seems it is a boolean field (only true/false). What does it mean?

I had a look at sk144192 but the explanation does not really help.

Depending on the status, some other fields are filled:

- False: Empty fields
  - Source Zone
  - Destination Zone
- False: Filled
  - Connection Direction
  - Log Delay
  - Last Update Time
- True: the opposite (fields above are filled).

Thanks,

 

0 Kudos
5 Replies
PhoneBoy
Admin

A screen shot of an example log entry with sensitive details redacted would be helpful.

0 Kudos
BikeMan
Contributor

Hi,

Here is an extract. Sensitive info removed.

Rgds,

 

0 Kudos
PhoneBoy
Admin

For connections where accounting information is required, we send a log entry every 10 minutes via the Log Exporter process.
The "first" log entry presumably is the very first entry for that connection and would not have the accounting information.

0 Kudos
BikeMan
Contributor

There is no accounting.

0 Kudos
PhoneBoy
Admin

Even if accounting logs aren't specifically requested on the matched rule, certain types of rules (e.g. involving applications and/or URLs) will automatically track accounting data.
Given the samples were all web traffic, there is a high likelihood this is what's happening.

0 Kudos
