08-19-2021 11:06 AM
I am trying to figure this out. I created a new block rule on Monday.
When I check the hit count today I see that there have been 275 hits on that rule to date.
When I check the connection events I don't see those hits. I have made sure that logging is turned on for that rule. Not sure why I am not seeing the events.
08-19-2021 12:48 PM
How many rules do you have configured and how many have logging turned on. It might be an issue that your log retention is not large enough and that they are being overwritten.
08-20-2021 10:25 AM
I see event logs for the past three weeks. The rule I am looking at has only been implemented for one week so it shouldn't be a retention issue
08-20-2021 10:34 AM
Actually I noticed more. It seems that anything being blocked is not being logged. I have about 30 rules and right now I have logging enabled for all of them. I have about 7 blocking rules and they show hits but I don't see anything in the event logs.
08-21-2021 01:02 AM
Do your block rules have "log at beginning of connection" set? (The "log at end of connection" setting will never get triggered for a block rule since a connection is not allowed in the first place.)
08-21-2021 01:52 AM
Do you have event monitor enabled under logging in the logging section of the access rule?
Blocked rules should not be possible to block at end as that option should be disabled.
08-23-2021 06:08 AM
Yes it is set. When I look at the logs they were working till about a week ago then suddenly stopped. The option to "log at end of connection" is disabled for blocking rules. I see the logs in my syslog server but not in the logs on the firewalls themselves. I went through all my rules and made sure that they were all set properly.
08-26-2021 05:26 AM
I would like to thank everyone for the feedback. I have resolved the issue. There seems to have been an issue with the firewalls. It also caused an issue when I tried to perform an upgrade. After the upgrade everything is working as expected.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide