[7.470][BUG][NOTABUG] Reporting entries can't be found in logs

This question was posted by a member kwyrick in regular forms and upon searching I couldn't find a reasonable answer so it is a bug. In my daily reports, I have top 10 services. You would think that the top 10 services are generated by some script querying the packet filter database. But I can't find any logs of some of these services in packet filter.
For example in my daily report (screenshot) I have service TCP 50528 and TCP 43135 in top 10. But when I query my logs for the past 2 days, I don't see any hits. Heck I don't have anything in the past week. I can upload my packet filter logs also if needed but I think it can be reproduced easily.

Parents

0 Astaro Beta Bot over 16 years ago

Astaro Beta Report
--------------------------------
Version: 7.470
Type: BUG
State: NOTABUG
Reporter: Billybob
Contributor: 
MantisID: 
--------------------------------

0 andreas over 16 years ago in reply to Astaro Beta Bot

I think there's a simple misunderstanding here.
Top 10 services is about network usage, therefore it is querying the network accounting database. Additionally, allowed traffic is usually not logged anywhere; the packet filter database only contains events which have been blocked for whatever reason, unless you explicitly enable allow logging which I wouldn't advise unless you REALLY need it (this will generate a lot of logging data fast).
I hope I understood you right and this helps to clarify things.

Cheers,
andreas
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 andreas over 16 years ago in reply to Astaro Beta Bot

I think there's a simple misunderstanding here.
Top 10 services is about network usage, therefore it is querying the network accounting database. Additionally, allowed traffic is usually not logged anywhere; the packet filter database only contains events which have been blocked for whatever reason, unless you explicitly enable allow logging which I wouldn't advise unless you REALLY need it (this will generate a lot of logging data fast).
I hope I understood you right and this helps to clarify things.

Cheers,
andreas
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Billybob over 16 years ago in reply to andreas

Thanks for the feedback andreas. I understand that unless logging is enabled explicitly, the allowed traffic is not logged. That is whats confusing. I have logging enabled for all packet filter rules. So when I look at top 10 services and want to know more about some services, in the example above TCP 50528, I should be able to find some log entries in packet filter logs but I am not finding anything[:S] I don't have but one any any rule and that is from my LAN to DMZ so I am not panicking, its probably my exchange server listening on strange ports but I should be able to trace it.

I have added another screenshot for my services from excutive report for today. I can find all services and understand http usage etc but I can't find any logging of service 53680 TCP. Its an unusual port and has 2.8MB traffic logged on it. Where can I find more information about this, surely packet filter right?
- top10.JPG
- View
- Hide
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel