This discussion has been locked.

SMB traffic port 445 not being logged in log viewer

Hi,

I've created a rule to log all traffic from a particular host. I've noticed traffic from port 445 (SMB) isn't being logged in the log viewer.

If I do a packet capture (see below), traffic is being forwarded and the correct rules with logging (19 & 5) but no mention in log viewer.

Is there a reason why traffic isn't being captured in the log viewer?

Michael.



  • SMB is likely a long-lived session. Therefore the session can exist for hours / days and be used. Logviewer will only log the session initialization packet (first packet).

    If you check the packet capture, do you see the same Port numbers as in your screenshot? 

  • Hi Lucar,

    Not sure what you mean regarding seeing the same port number?

    The above capture is when I’m doing an active copy between the 2 servers.

    Both firewall rules have the option to log enabled which is why I’m a little confused.

    I might need to open a case with support to investigate further.

    Michael
