- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: No logging from Access Control policy
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No logging from Access Control policy
R80.40 JHF 48 on GW and Mgmt
Created a policy using inline app/URLF rules. I get logging on all the app/URLF rules but no other rules in the access control policy log. Has anyone seen this behavior before?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you see more than just the APCL/URLF logs if you fire up the old SmartView Tracker (CPlgv.exe) and look at the logs that way? If they are there that indicates some kind of log indexing problem. If the additional logs are not present in the Tracker that indicates some kind of policy configuration issue.
March 27th with sessions for both the EMEA and Americas time zones
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Timothy_Hall I went into SmartView and the logs are in there. Looks like an indexing problem. Now to find an SK to fix that. Thank you for the bread crumbs!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK if you could post a follow-up with the solution that would be great, there seems to be many different ways for this to happen.
March 27th with sessions for both the EMEA and Americas time zones
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If it's under spec, Log Indexing is disabled by default.
It can also be manually disabled in the SmartConsole object as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Turning on indexing did not resolve the issue but I did find that if I open a log file, I can see all the logs. I am surprised I would need to do that. Have either of you seen that?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've had this issue after upgrading a management station to R80.30. No logs from the security blade, only TP, solved after File --> Open fw.log. Logs were visible continuously after that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same here. Now I am trying to see if I can force that file to be the default.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After some looking up, I found that the logs exist but I have to open the log for the day I would like to get from:
There doesn't seem to be a way to make this behavior by default. Any ideas?
