BunleangMeng_KH
Contributor

ICMP log cannot be viewed on Security Management

Hello everyone.

I have one question related to ICMP logs on Security Management.

I want to track the ping log on the gateway, but I don't know why ICMP ping cannot be monitored in SmartConsole management, while other logs can be viewed.

Scenarios:

- From a client host I ping google.com or 8.8.8.8, and the ping is replied to by google.com or 8.8.8.8. During the ping, when viewing in SmartConsole with a filter on src and dst, I cannot see the ICMP log. But when I run a tcpdump capture on src and dst on the gateway, I can see in real time the packets of the client generating pings to google.com.

Could anyone help explain why I cannot view ICMP ping in SmartConsole?

 

I appreciate your response!

0 Kudos
5 Replies
Wolfgang
Authority

@BunleangMeng_KH You have to set the Track field to "Log" in your rule allowing these pings if you want to see them in the logs.

Screenshot 2022-07-07 064244.png

If you allow ICMP via implied rules, maybe you don't log implied rules. You have to set the following:

Screenshot 2022-07-07 064147.png

0 Kudos
BunleangMeng_KH
Contributor

Yes, I have checked the implied rule and logged it for tracking, and updated the policy on the gateway,

but I still cannot view the logs for ICMP.

photo_2022-07-07_14-17-03.jpg
photo_2022-07-07_14-08-41.jpg

0 Kudos
Wolfgang
Authority

@BunleangMeng_KH Your screenshot does not show "Log Implied Rules" enabled.

Did you see other logs?

Do you have a filter active in the LogView?

0 Kudos
BunleangMeng_KH
Contributor

For the first time "Log Implied Rules" enabled, check on the box track.

I see you mentioned "If you allow ICMP via implied rules, maybe you don't log implied rules. You have to set the following:"

Did you see other logs?

A - I don't see the ICMP logs.

Do you have a filter active in the LogView?

A - Yes, I have a filter on src and dst in Logs and Monitor, but didn't see them.

0 Kudos
Amir_Senn
Employee

Try to use explicit log in your rulebase.

Kind regards, Amir Senn
0 Kudos
