Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AlejandroH
Ambassador
Ambassador

No logging from Access Control policy

R80.40 JHF 48  on GW and Mgmt

Created a policy using inline app/URLF rules.  I get logging on all the app/URLF rules but no other rules in the access control policy log.  Has anyone seen this behavior before?

9 Replies
AlejandroH
Ambassador
Ambassador

Before anyone ask, yes, tracking is set to Log on the rule I want to get logs on.
Timothy_Hall
Legend Legend
Legend

Can you see more than just the APCL/URLF logs if you fire up the old SmartView Tracker (CPlgv.exe) and look at the logs that way?  If they are there that indicates some kind of log indexing problem.  If the additional logs are not present in the Tracker that indicates some kind of policy configuration issue.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
AlejandroH
Ambassador
Ambassador

@Timothy_Hall  I went into SmartView and the logs are in there.  Looks like an indexing problem.  Now to find an SK to fix that.  Thank you for the bread crumbs!

Timothy_Hall
Legend Legend
Legend

OK if you could post a follow-up with the solution that would be great, there seems to be many different ways for this to happen.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
PhoneBoy
Admin
Admin

What is the hardware configuration of your management?
If it's under spec, Log Indexing is disabled by default.
It can also be manually disabled in the SmartConsole object as well.
AlejandroH
Ambassador
Ambassador

Turning on indexing did not resolve the issue but I did find that if I open a log file, I can see all the logs.  I am surprised I would need to do that.  Have either of you seen that?

 

Alex-
Leader Leader
Leader

I've had this issue after upgrading a management station to R80.30. No logs from the security blade, only TP, solved after File --> Open fw.log. Logs were visible continuously after that.

AlejandroH
Ambassador
Ambassador

Same here.  Now I am trying to see if I can force that file to be the default.

AlejandroH
Ambassador
Ambassador

@Timothy_Hall and @PhoneBoy 

After some looking up, I found that the logs exist but I have to open the log for the day I would like to get from:

7-6-2020 2-58-31 PM.jpg

 
 

There doesn't seem to be a way to make this behavior by default.  Any ideas?

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events