Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
fly1ng_circus
Contributor

R80.40 generating too many logs

When using a LEA connection in R80.40 for logging or when using smart console, I am getting too many logs. For instance I get two logs for each hit on a rule. I have tried per connection and per session. Makes no difference. for some reason every connection generates two logs.

I am sure it is something I have done, but so far I haven't figured out what. Any ideas as to what I have broken here?

0 Kudos
5 Replies
John_Fleming
Advisor

Are your LEA clients connecting to more then one device?

fly1ng_circus
Contributor

not to more than one device that should be sending the same logs. I have tried it connect to just the one R80.40 CMA and also to my R80.30 CMA. If I connect to my R80.30 instance everything works fine. Connecting to R80.40 gives double logs. and obviously it is more than just LEA because the same thing is happening in smart console.

PhoneBoy
Admin
Admin

Have you compared the log cards on both logs to see if there is any difference?
This might require a TAC case.

As a separate question, why are you using LEA instead of Log Exporter?

0 Kudos
fly1ng_circus
Contributor

I have compared them and there is no difference. However, something I have done (I do not know what) Seems to have stopped the double logs in the Smart Console. However LEA is still producing double logs.

The reason for using LEA is that Firemon doesn't yet support Log Exporter, so in testing LEA with Firemon, I noticed the problem with double hitcounts. I started digging and noticed it in Smart console and in the LEA records that Firemon is collecting.

PhoneBoy
Admin
Admin

Like I said, you probably need a TAC case.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events