View Access Policies in System Log
Hi All,
I set up a cleanup rule at the end of my access policies and see loads of hits there.
Now I wanted to see what this is all about, but even with the logging option enabled in the rule I cannot see the details on the system log tab. Am I missing something here?
Thanks for enlightening me!
Best Answer
BWC Cybersecurity Overlord ✭✭✭
@ArminF did you enable the events in the Log Settings to be shown in the GUI?
Device -> Log -> Settings ... check for Category Network -> TCP (and UDP), and probably the Event TCP Packets Dropped has a very high Event Count ... to avoid flooding the log, these Events are not populated to the GUI, you have to enable them manually.
--Michael@BWC
Answers
Michael@BWC -> as usual SPOT ON!
I went to the Log settings before but was looking for access policy. Did not think to look into TCP / UDP drop/deny etc...
But I had to raise the log level to Alert from Notice to get it reflected.
Thought this log is more common and shows what's going on, not focusing on warning/alert only.
Thanks!
armin
@BWC
Michael, one more thing for my understanding.
Would I need a cleanup DENY ALL rule?
Or does no rule mean drop all / log all anyway?
Thanks
armin
@ArminF there is an implicit Drop All Rule for everything that is not handled, and no additional Rule is necessary. This differs from what you might know from iptables/netfilter based Firewalls or CheckPoint etc.
Like you did, I'm creating a Rule only at times when I need to do some sniffing/logging.
--Michael@BWC