This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Oscar_Bernat
Explorer
‎2021-01-22 08:11 AM

What is the impact of removing log suppression?

Jump to solution
 
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-01-25 12:11 AM
In response to Oscar_Bernat

Jump to solution

No, the suppressed logs are not available anywhere as they are...suppressed from being written anywhere.
This feature dates back to at least FireWall-1 2.x (so quite old) and, to my knowledge, only relates to basic firewall logs, not Threat Prevention. 
However, App Control and possibly Threat Prevention logs can get consolidated.
There is a field in the log entry when this happens (i.e. number of logs).

Like I said, if you choose not to suppress logs, it can create extra load on the log server (disk mostly).

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2021-01-22 09:29 AM

Jump to solution

Primarily disk space/usage, not to mention extra load on the logging infrastructure.
Why is this interesting to you?
What is your precise use case?

0 Kudos
Oscar_Bernat
Explorer
‎2021-01-24 11:54 PM
In response to PhoneBoy

Jump to solution

We work in a BAS technology to test security controls continuously, missing events because of the log suppression (default config) puts us in troubles because our test outcome is filled with false negatives (all suppressed logs).

So, I'd like to know if the suppressed logs are stored somewhere and if can be accessed via API if it was the case.


If that's not possible, my question is about the impact of removing log suppression and if the log suppression is related only to threat prevention events or other events as well

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-25 12:11 AM
In response to Oscar_Bernat

Jump to solution

No, the suppressed logs are not available anywhere as they are...suppressed from being written anywhere.
This feature dates back to at least FireWall-1 2.x (so quite old) and, to my knowledge, only relates to basic firewall logs, not Threat Prevention. 
However, App Control and possibly Threat Prevention logs can get consolidated.
There is a field in the log entry when this happens (i.e. number of logs).

Like I said, if you choose not to suppress logs, it can create extra load on the log server (disk mostly).

View solution in original post

0 Kudos
Timothy_Hall
Champion
Champion
‎2021-01-25 06:11 AM
In response to PhoneBoy

Jump to solution

I know for sure that IPS logs are suppressed, this screenshot is from my IPS Immersion course.  Not sure about the rest of Threat Prevention.

ips_suppression.png

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Oscar_Bernat
Explorer
‎2021-01-28 11:55 PM
In response to Timothy_Hall

Jump to solution

Thanks to everybody!!

0 Kudos