Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
israelgl
Participant
Jump to solution

Report\View - unable to filter ssh_version_2 service

hey all

i tried to create a report on ssh_version_2 traffic and unable to filter it.

when i filtered by ssh, i only saw SSH v1 traffic that was blocked because SSH v1 are not allowed by policy.

but no mater how i tried to filter the report to all SSH traffic or ssh_version_2 traffic, i didn't get any results of ssh version 2.

in the logs i see the ssh_version_2 logs, and i can filter the log by this service.

any idea why it's acting like this?

 

 

0 Kudos
1 Solution

Accepted Solutions
Amir_Senn
Employee
Employee

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

Kind regards, Amir Senn

View solution in original post

2 Replies
Amir_Senn
Employee
Employee

I managed to filter ssh v2 logs in a view. Please pay attention to the following:

1) I used the filter "Service  equals   ssh_version_2"

2) SmartView doesn't index firewall connections. I would check that the relevant rule for ssh v2 has "Session" option checked in the track options in the relevant rule.

Amir Senn

Kind regards, Amir Senn
israelgl
Participant
thanks amir
the "session" option was missing.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events