smartview monitor and smartview logs didnt match

cathychan · ‎2023-08-06

Hello Guys, I have a question about our monitoring tools, on smartview I am seeing a huge spike on SRC and DEST. however, when I check on smartview logs I didnt see the logs for it

example

Smartview monitor shows 60Gbps of traffic spike for SRC A and DEST B.

when I review the logs on smartview logs this connection didnt show up.

Note: we have a specific rule that allows the connection.

Any reasons you know why?

thank you!

_Val_ · ‎2023-08-08

How did you search?

_Val_ · ‎2023-08-08

It seems to me, you are missing a font or two, so they do not render.

cathychan · ‎2023-08-10

thank you Val for response, can you share what do you mean by Font 😄 Im sorry I am new.. If you mean filter.. what I did is

origin: FWCluster

Source: SOURCEIP

port: 2049

I check on the statistics no logs for the destination I am looking to but I can definitely see it on monitor and also on packet capture.

thank you!

_Val_ · ‎2023-08-10

Sorry, I though I was answering a different thread, disregard the fonts 🙂

_Val_ · ‎2023-08-10

So, my understanding is, you cannot find logs for certain connections. Do you log all rules?

cathychan · ‎2023-08-10

yes we do log all rules.. for some reason only this is not logged 😕

PhoneBoy · ‎2023-08-23

Is it a continually active connection (i.e. no TCP FIN/RST) or one that terminates/re-establishes?
If it's continually active, then you will only find a single log entry for the original connection establishment with the bytes updated on that log entry.

Are you a member of CheckMates?

smartview monitor and smartview logs didnt match