Oscar_Bernat
Explorer

What is the impact of removing log suppression?

5 Replies
PhoneBoy
Admin

Primarily disk space/usage, not to mention extra load on the logging infrastructure.
Why is this interesting to you?
What is your precise use case?

0 Kudos
Oscar_Bernat
Explorer

We work on a BAS technology to test security controls continuously. Missing events because of the log suppression (default config) puts us in trouble because our test outcome is filled with false negatives (all suppressed logs).

So, I'd like to know if the suppressed logs are stored somewhere and, if that is the case, whether they can be accessed via API.

If that's not possible, my question is about the impact of removing log suppression and whether log suppression is related only to threat prevention events or to other events as well.

0 Kudos
PhoneBoy
Admin

No, the suppressed logs are not available anywhere as they are...suppressed from being written anywhere.
This feature dates back to at least FireWall-1 2.x (so quite old) and, to my knowledge, only relates to basic firewall logs, not Threat Prevention. 
However, App Control and possibly Threat Prevention logs can get consolidated.
There is a field in the log entry when this happens (i.e. number of logs).

Like I said, if you choose not to suppress logs, it can create extra load on the log server (disk mostly).


0 Kudos
Timothy_Hall
Champion

I know for sure that IPS logs are suppressed; this screenshot is from my IPS Immersion course. Not sure about the rest of Threat Prevention.

ips_suppression.png

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Oscar_Bernat
Explorer

Thanks to everybody!!

0 Kudos