Hello everyone,
I wanted to look for other users' experience with the search log file feature. I'll give an example. In the last 24 hours a host showed up which logged > 290,000 dropped packets.
We wanted to collect some samples to send to the abuse team responsible for the IP. So what do we do? We search for that IP for today in the log files for the firewall component. The resultant is that a new window pops up, and the log entries are not shown all at once, but rather inserted 10-20 lines at a time. So you would literally have to wait 30-45 minutes for those 300,000 events to come up before you can even copy and paste select few.
Is this reasonable? I don't think so. I mean, if it's a linux box, and all it's doing is a cat of firewall.log (or whatever name of the file) and then applying a grep filter it should be done in minutes, if not seconds.
Can anyone provide some clarification or expertise? If I call support, I'm just going to get the "oh, we have logging and reporting issues with 9.308, it will be fixed sometime soon", which is just malarkey.
We are running an SG430 with 9.308-6. My understanding is that it boasts a 120GB SSD drive for logging and SMTP handling, so I'm really not sure why it's this slow.
I can see in the KIL:
ID32446 9.104 Webadmin runs into timeout during lengthy report generation
------------------------------------------------------------------------
Description: The WebAdmin runs into a timeout while the query is
executed (timeout warnings may be displayed in WebAdmin).
This may happen if it takes too long to generate the
dashboard data which is derived from the database.
Workaround: none
Fixed in:
But this isn't really a) our issue b) not even planned to be fixed.
Are we doing something wrong?
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
