Missing date in firewall log search

Hello,

I can confirm, the date field is not display in firewall log search or live view. But was it once present?

Hello Michael,

i've searched in my mailbox for older logs, and i've found the output from packetfilter log two years ago, where the logfilename and date will be shown, if i'm searching in the packetfilter log for more than one day:

/var/log/packetfilter.log:2018:08:23-16:13:18 fw-1 ulogd[16253]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth0" srcmac="00:89:c6:d1:dd:6d" dstmac="0f:0a:88:f1:25:f6" srcip="xx.xx.xx.xx" dstip="yy.yy.yy.yy" proto="6" length="168" tos="0x00" prec="0x00" ttl="126" srcport="443" dstport="53784" tcpflags="ACK PSH" 

Regards,

Markus

Hi Markus,

 it is an problem in the presentation inside the webadmin GUI. The live log and search log output trimm the log file and make nice red, green, white background colors to the lines. 

If you open the log file as downloaded file you can see the date field and many more. But your primary question was the log search inside the webadmin GUI.

regards,

Michael 

Hello Markus,

Thank you for contacting the Sophos Community!

To add to what Michael said, the Live Log is only for the day, so it won't show the date, Live Log formats the log just to provide the most necessary information, if you want to see the full log you can go to Logging & Reporting >> View Log Files >> Today's Log Files and then click on View instead of Live Log.

Regards,

Hi Emmanuel,

ok, after a long search i've found a SG appliance with an older Firmware and i could verify my Topic, when i'm searching in the WebAdmin Firewall Log, in more than on day, i get the results with date and many informations more:

Regards,

Markus

Hello,

 which firmware version do you use?

Regards,

Michael

Hello Michael,

i've found a appliance with 9.600005 installed and It seems, this method of displaying the results was replaced in 9.7.

Regards,

Markus

Hello Markus,

oh I see what you mean, yes it is different in 9.7 Sorry I was confused.

You can still see this way, well similar if you open the Archived Log files. But maybe is not as handy.

I checked on a UTM running 9.5 but it shows the same way as 9.7

Regards,

Hallo Markus,

Yes, in the Firewall Live Log and in viewing the Firewall log in 'Logging & Reporting', the format is changed so that you can see more lines quickly.  To do troubleshooting, you still need to go to the full Firewall log file.  Unfortunately, viewing today's full log file requires looking at /var/log/packetfilter.log from the command line.  As I recall, this started with V9.5.

Cheers - Bob