Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 8591 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall logs are not displayed in order

Billybob

I have always been critical of XG's logging capabilities. I want to like this firewall so much and appreciate some of the excellent qualities (firewall policies/QoS) of XG. But then it lets me down with logging every time. I was trying to create a Business policy to redirect NTP traffic but was having a hard time seeing anything in the log. That is till I realized that XG randomly logs packets out of order. What a joke[:#]

Notice that the packet I was expecting to see in the logs showed up almost a minute late and out of order. What is going on guys?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to sachingurung

    I have applied the latest firmware update and the problem still persists. Its really not as random as I first thought. It seems that the allowed firewall rules are logged separately from the denied rules and when I generate traffic on an allowed firewall rule, I get the logs out of order.

    and here is the firewall rule generating traffic.

    I don't understand the 3 minute logging rule, can you please elaborate on that also?

    Thanks.

  • 0 in reply to sachingurung

    Sachin,

    What Bill is saying is correct. Can you check internally if this behavior is going to change? All of us are suffering for XG log and troubleshooting and it does not make sense that now logs are not displayed in time order. Thanks

  • 0 in reply to lferrara

    Hi Luk,

    I will check that internally and revert back.

    Thanks

  • 0 in reply to Billybob

    Hi Billy,

    i tried the same on my firewall and as I can understand the logs are sorted by Action and timestamp. 

    I clicked on the text "Time", to the left of the hourglass and then it has actually sorted the logs out for me on the timestamp. 

    Could you please give it a try and share your observation

    Regards,

    Varun

  • 0 in reply to varunparikh

    Great observation Varun, I can indeed sort the logs by time stamp. Strange that XG doesn't do that by default when you are trying to view live log. Can you please clarify what you mean by

     

    varunparikh said:
    the logs are sorted by Action

    As from my screenshot above, the denied and allowed actions are mixed without any kind of order.

    In any case thanks for your answer, this was definitely helpful.

  • 0 in reply to Billybob

    Hi Billy

    What I meant was that, logs are sorted by "Time" and "Action" columns as a multiple criteria.

    Regards,

    Varun