Access Control Rules

gcook0001
Level 1

I am trying to figure this out. I created a new block rule on Monday.

When I check the hit count today I see that there have been 275 hits on that rule to date.

When I check the connection events I don't see those hits. I have made sure that logging is turned on for that rule. Not sure why I am not seeing the events.

7 Replies

How many rules do you have configured and how many have logging turned on? It might be an issue that your log retention is not large enough and that they are being overwritten.

--
Please remember to select a correct answer and rate helpful posts

I see event logs for the past three weeks. The rule I am looking at has only been implemented for one week, so it shouldn't be a retention issue.

Actually I noticed more. It seems that anything being blocked is not being logged. I have about 30 rules and right now I have logging enabled for all of them. I have about 7 blocking rules and they show hits but I don't see anything in the event logs.

Do your block rules have "log at beginning of connection" set? (The "log at end of connection" setting will never get triggered for a block rule since a connection is not allowed in the first place.)

Do you have event monitor enabled under logging in the logging section of the access rule?
Blocked rules should not be possible to block at end as that option should be disabled.

 


Yes it is set. When I look at the logs they were working till about a week ago then suddenly stopped. The option to "log at end of connection" is disabled for blocking rules. I see the logs in my syslog server but not in the logs on the firewalls themselves. I went through all my rules and made sure that they were all set properly.

gcook0001
Level 1

I would like to thank everyone for the feedback. I have resolved the issue. There seems to have been an issue with the firewalls. It also caused an issue when I tried to perform an upgrade. After the upgrade everything is working as expected.

 

Thanks again.
