This is a known issue. The logs are being generated, just not wherever the jweb gui is pointing. You can look at your file from the cli or you can download the files via jweb for offline processing. It is a little bit manual for the time being. Ron

Yes, you will have to either wait till it is resolved, use an external syslog server, or live with the alternate log viewing on the box.  My usual solution is using grep to find the logs that match the policy ID I am interested in from the firewall CLI.

 

Ron

Anyone know if this has been fixed in 10.4?

Thanks!

Nope.  As in no logging information present.

Anyone know if this is fixed in 10.4R3?

 

Having a tough time explaing to the customer that his new all singing and dancing firewall cant even show logs in Jweb. 

Go to Monitor/Events and Alarms/Security events. See if the log file(s) configured is being detected by the page. If not the "Creat log configuration" will be enabled. When you click on it it creates the proper syslog config and you can start seeing logs.

 

The important thing is the world readable attribute should be set.

 

This is a sample

 

# show | compare rollback 1
[edit system syslog]
     file inter { ... }
+    file policy_session {
+        user info;
+        match RT_FLOW;
+        archive size 1000k world-readable;
+        structured-data;
+    }

 

Regards

w00t!

 

Adding the world readable parameter solved my issue here, I now see logs within the log viewer in Jweb.

 

Note, I am using 10.2R3.10

 

Cuddles

 

DM

Oops, I spoke too soon.

 

I can get logs for some policies but not for others.

 

Basically I can see the logs in my custom traffic-log file when viewed from the CLI, and this does seem to refelct the corerect policy and zonal match however, when I click on the log icon in the security policay page, I get nothing returned.

 

Are there any caveats to what we can log successfully?  At the moment I am logging on session-close and have been waiting a while for all the sessions to time out fully.