I can see IPS log entries when I manually inspect the IPS log files but the IPS portion of the daily executive report has been blank for months. I used to see IPS entries in almost every daily report.
Also, zero is reported for all IPS statistics on all of the tabs (including the IPS tab) when I go to Logging & Reporting->Network Protection.
Is there a setting that I have inadvertently changed, was IPS reporting changed in a release or is this a bug? All other reporting seems okay.
Maybe I missed it but my forum searches did not turn up a list of IDs or types (e.g., info, warn, error) of IPS log entries which are ignored by reporting. I find it odd that I went from almost daily IPS attacks being reported to none. The only thing that comes to mind is that, months ago, I switched from using a DNAT to using the WAF for a particular server.
This thread was automatically locked due to age.