viewing LOG - filter on NAT rule #
Hi,
I'm using the Logs & Monitor of Domain Management Server (R80.10) on a VS (R77.30).
I'm looking for the field name of "Xlate (NAT) Source IP" to use in the query in Logs & Monitor.
(Already tried filtering using the "Copy Rule UID" of the NAT rule and using it with fieldname rule_uid.)
The drop down list of "other fields"
I hope there's a complete list of field names somewhere.
Thanks in advance.
Kind regards,
Gerard van Leeuwen
While on the logs page, you can right-click the grey column header and then select 'Edit Profile'. From there you can search for various columns to add; search for Xlate and you should find what you are looking for. Trying to add screenshots but having trouble.
I already did add the columns Xlate*. That works well.
But I like to use it as a filter.
Typically you can click on the column headers and add filter from there. The option is grayed out for me so I think it is a bad sign. I've asked some other resources, maybe Tomer Sole can have a suggestion.
Where could we see indexed fields, Joshua Hatter?
Outside the API my management expertise is limited. My best guess is anything in the "Add a search field:" section once you click in the filter bar. Hoping Tomer or someone else can add some feedback. Russell Seifert
Hi,
xlatesrc = Xlate (NAT) Source IP
xlatedst = Xlate (NAT) Destination IP
xlatesport = Xlate (NAT) Source Port
xlatedport = Xlate (NAT) Destination Port
Example in filter:
xlatesport:33028
xlatedst:10.1.0.0
Only available starting R80*?
(on R77.30 SmartLog)
Correct. The NAT fields were not indexed to be searchable on R77.30 and lower due to performance reasons.
I'm sorry Russell. xlatesrc:172.20.0.4 does not work and I'm 100% sure there's such traffic.
I'm aiming the filter for NAT rule number.
The gateways are R77.30 now. OK, I have to wait for this option until those are updated.
Hello All,
I am running R80.10 SMS and R77.30 Gateways (both running the latest Jumbos). I am also having the same issue: I added the xlate src IP field to my columns by editing the profile, but searching xlatesrc: public IP does not work. But just entering the public IP in the search without any filters does seem to work at times, but not all times.
So, must my GWs be on R80+ for this xlate-based indexing to work, or is it just the SMS that needs to be on R80+?
Thanks.
This is a management/logging feature; the version of the gateway is not that relevant.
So, any thoughts on why the issue still exists in R80+ SMS?
Hope this helps other users as well.
Thanks.
Sounds like an indexing issue, in which case it's probably worth opening a ticket with the TAC to investigate.
Has anyone figured out how to filter SmartLog for NAT Rule Number? When filtering for Access Rule Number it uses "rule:" in the query syntax. However, for NAT Rule Number it uses just the rule number in the query syntax, which returns no results.
You are able to filter from SmartView Tracker though... This is on R80.10 management.
So after working with TAC, it appears that the NAT Rule Numbers are not indexed. The only workaround is to open an individual log file and use the following query - nat_rulenum: 123
An RFE has been submitted for this request.
This still seems to be a problem on R81.10. I can't figure out a way to apply a filter on the NAT IP.
I hide tons of traffic behind my LAN interface IP 192.168.1.1. And of course behind the public interface IP for web access.
If I try xlatesrc:192.168.1.1 I get zero hits. Same if I use the public hide IP.
If I filter on just 192.168.1.1 then I get millions of hits for all sorts besides just the NAT. So it's useless.
There must be a way to filter logs on the NAT fields? 🙄
