There is limited memory on the firewall itself to store logs, hence it is best to have a syslog server or Analytics to send those logs to. Once that buffer is full, new logs are stored deleting the older ones.
So, are you seeing those missing logs on the firewall or any of these monitoring tools?
The auditing logs should show if someone cleared the logs manually on the firewall.
Answers
@Ninja,
There is limited memory on the firewall itself to store logs, hence it is best to have a syslog server or Analytics to send those logs to. Once that buffer is full, new logs are stored deleting the older ones.
So, are you seeing those missing logs on the firewall or any of these monitoring tools?
The auditing logs should show if someone cleared the logs manually on the firewall.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services