I've done a CLI dump of all the logs but I can't find anything that logs firewall rule hits (like the firewall section of the GUI logs).
What am I missing?!
There is no log file for such traffic, basically because the data is dynamic. What this means: Logviewer is something dynamic (Database) which includes data like "transferred data" etc. This is only available if the connection is closed. Therefore the Logviewer has data, which a static log would not fetch.
What is the use case for your approach? What do you want to look for?
Syslog could potentially log this in a static manner, but the firewall itself /log will not do this.
I get what you are saying but I don't see why the XG can't log the information that you get in the GUI interface (the firewall hits). If you can send it to syslog, you can send it to a log file.
This is the second time I've wanted to look for some historical information (a week, two weeks ago). I don't have enough information to use the available search criteria to effectively narrow the search down in the GUI, so basically I want to look at all hits for a few hours on a certain date. There is no date filter on the GUI. I know if I scroll far enough down, I can get to it but that would take forever. It is also much easier with this sort of query having a searchable text file than the GUI which shows 20-25 lines at a time.
That would be a good use case for Central Firewall Reporting.
...or just logging/reporting it locally or putting a date filter in the GUI. Why is there no date filter in the GUI?
I have just had a look at Central Firewall Reporting and was significantly underwhelmed. I might possibly be able to get the information I wanted if I could export the data as a CSV and browse it that way, but as I do not have the paid version, that is unavailable.
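The search described in the thread (all firewall hits for a few hours on a given date, from a text file) can be run over forwarded syslog. This is an added example, not code from any poster or from Sophos: it assumes the firewall log is sent to a syslog server and stored as key=value lines, and the field names and sample lines are constructed assumptions to check against the real syslog output.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on key=value firewall syslog records.
# Field names (date, time, log_type, fw_rule_id, src_ip, ...) are assumptions.
SAMPLE = """\
<30>device="SFW" date=2024-03-04 time=09:58:41 log_type="Firewall" log_subtype="Allowed" fw_rule_id=5 src_ip=10.0.0.12 dst_ip=203.0.113.9 dst_port=443
<30>device="SFW" date=2024-03-04 time=10:15:02 log_type="Firewall" log_subtype="Denied" fw_rule_id=0 src_ip=198.51.100.7 dst_ip=10.0.0.5 dst_port=3389
<30>device="SFW" date=2024-03-04 time=11:40:19 log_type="Content Filtering" log_subtype="Allowed" fw_rule_id=5 src_ip=10.0.0.12 dst_ip=203.0.113.9 dst_port=80
<30>device="SFW" date=2024-03-04 time=12:59:59 log_type="Firewall" log_subtype="Allowed" fw_rule_id=7 src_ip=10.0.0.30 dst_ip=192.0.2.44 dst_port=22
<30>device="SFW" date=2024-03-04 time=13:00:00 log_type="Firewall" log_subtype="Allowed" fw_rule_id=7 src_ip=10.0.0.30 dst_ip=192.0.2.44 dst_port=22
truncated line with no fields
"""

# Matches key=value and key="quoted value with spaces"
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the line's key=value pairs as a dict, with quotes stripped."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def firewall_hits(lines, start, end, rule_id=None):
    """Yield firewall records with start <= timestamp < end, optionally for one rule."""
    for line in lines:
        rec = parse_line(line)
        if rec.get("log_type") != "Firewall":
            continue  # other modules (web filter, IPS, ...) share the same stream
        try:
            ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # skip malformed or truncated records
        if start <= ts < end and rule_id in (None, rec.get("fw_rule_id")):
            yield {**rec, "ts": ts}

def search(text, start, end, rule_id=None):
    """Convenience wrapper: window given as 'YYYY-MM-DD HH:MM' strings."""
    fmt = "%Y-%m-%d %H:%M"
    return list(firewall_hits(text.splitlines(), datetime.strptime(start, fmt), datetime.strptime(end, fmt), rule_id))

if __name__ == "__main__":
    for r in search(SAMPLE, "2024-03-04 10:00", "2024-03-04 13:00"):
        print(r["ts"], r["log_subtype"], r["fw_rule_id"], r["src_ip"], "->", r["dst_ip"], r["dst_port"])
```

To run it on a stored log, pass `open(path).read()` (or iterate the file into `firewall_hits`) in place of `SAMPLE`.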