This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is the firewall log and content filter the same as the log content

Is the firewall log and content filter the same as the log content? There is a MAC address in the firewall logs, but the content filter also does the MAC address. The content reflected on the content filter is also reflected in the logs of the firewall. I'm collecting content filter logs.



  • device="SFW" date=2018-11-01 time=20:50:56 timezone="+03" device_name="SFVH" device_id=C01001M996FTV83 log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" status="" priority=Information fw_rule_id=2 user_name="sinan" user_gp="AnamakinaServer" iap=14 category="Social Networking" category_type="Unproductive" url="scontent.fist4-1.fna.fbcdn.net/" contenttype="" override_token="" httpresponsecode="" src_ip=192.168.0.111 dst_ip=159.146.78.81 protocol="TCP" src_port=61098 dst_port=443 sent_bytes=1611 recv_bytes=12351 domain=scontent.fist4-1.fna.fbcdn.net exceptions=av,https,policy,sandstorm activityname="" reason="" user_agent="" status_code="200" transactionid= referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id=314462272 application="Facebook Website" app_is_cloud=1
     
    device="SFW" date=2018-11-01 time=20:50:56 timezone="+03" device_name="SFVH" device_id=C01001M996FTV83 log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=30 fw_rule_id=5 policy_type=1 user_name="tr29" user_gp="Musteri Bilgisayarlari Grubu" iap=13 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port1" out_interface="Port3" src_mac=78:24:AF:3C:4B:D6 src_ip=192.168.0.29 src_country_code=R1 dst_ip=145.239.8.133 dst_country_code=FRA protocol="UDP" src_port=57896 dst_port=27007 sent_pkts=1 recv_pkts=0 sent_bytes=93 recv_bytes=0 tran_src_ip=192.168.3.2 tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Stop" connid="223947616" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud=0
     
     
    My English is bad, so I cannot express myself fully. There are two log samples above. These logs were in a row. One of them, the firewall log, contains a MAC address. The other, the content filter log, does not contain a MAC address. This is what I want: all external visits contain a MAC address. If the content filter visit is also reflected in the firewall log, no problem. Because we have a legal obligation to log the MAC address.
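
An added example, not part of the original post and not Sophos tooling: one way a log collector could copy `src_mac` from Firewall records onto Content Filtering records, matching on `src_ip` within a short time window. The sample lines are constructed (only the field names come from the two logs above), and it assumes records arrive in time order and that an IP keeps the same MAC for the length of the window.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records; field names follow the two log lines above,
# values are made up and real lines carry many more fields.
SAMPLE = '''\
device="SFW" date=2018-11-01 time=20:50:40 log_type="Firewall" user_gp="Group A" src_mac=02:00:00:00:00:6F src_ip=192.168.0.111 dst_ip=203.0.113.10 tran_dst_ip= dst_port=443
device="SFW" date=2018-11-01 time=20:50:56 log_type="Content Filtering" user_name="alice" url="example.test/" src_ip=192.168.0.111 transactionid= referer=""
device="SFW" date=2018-11-01 time=20:50:58 log_type="Content Filtering" user_name="bob" url="example.test/x" src_ip=192.168.0.50
'''

# key="quoted value" | key=bare_value | key= (empty)
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Split one key=value record into a dict of strings."""
    rec = {}
    for m in PAIR.finditer(line):
        rec[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return rec

def when(rec):
    """Combine the date and time fields into a datetime."""
    return datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")

def enrich(lines, window=timedelta(minutes=5)):
    """Return Content Filtering records with src_mac filled in from the most
    recent Firewall record for the same src_ip, or None if there is no
    Firewall record for that IP inside the window (assumption: input is
    sorted by time)."""
    last_seen = {}  # src_ip -> (timestamp, src_mac)
    out = []
    for rec in map(parse_line, filter(None, lines)):
        ts = when(rec)
        if rec.get("log_type") == "Firewall" and rec.get("src_mac"):
            last_seen[rec["src_ip"]] = (ts, rec["src_mac"])
        elif rec.get("log_type") == "Content Filtering":
            seen = last_seen.get(rec.get("src_ip"))
            fresh = seen is not None and ts - seen[0] <= window
            rec["src_mac"] = seen[1] if fresh else None
            out.append(rec)
    return out

if __name__ == "__main__":
    for r in enrich(SAMPLE.splitlines()):
        print(r["time"], r["src_ip"], r["src_mac"], r["url"])
```

Records that come back with `src_mac` set to `None` are the ones to review, since they have no matching firewall entry to satisfy a MAC-logging requirement.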