SamiH
Contributor

SmartLog/Logs vs Tracker/fw.log in R80.10

R80.10 Logs view (SmartLog) doesn't seem to find identical results from my dataset as the fw.log view (Tracker) does. My filter in both is something like 10.10.0.0/16 and they seem to find different hosts with that, with the same time limit. Logs view finds only one host and fw.log finds several as expected. Has anybody else run into this?

4 Replies
XBensemhoun
Employee

Maybe you're facing aggregated logs on SmartLog (especially if you're using Auto-Refresh functionality)?

Information Security enthusiast, CISSP, CCSP
SamiH
Contributor

No autorefresh there, but src:subnet OR dst:subnet finds what I want, instead of only subnet search. 

XBensemhoun
Employee

OK; as Dameon mentioned: please engage TAC and update this thread.

Information Security enthusiast, CISSP, CCSP
PhoneBoy
Admin

It could be an aggregation issue as Xavier noted or it could be some sort of indexing issue.

I recommend engaging with the TAC to troubleshoot.
