23.1 Legacy Series / howto use livelog correctly
« on: October 26, 2023, 11:34:15 am »
Please help me to understand the live log correctly. I am having extreme problems looking up anything there for debugging purposes. I mostly switch back to TCPDUMP.
For example I have a mailserver. I go into the livelog, enter the filter "src IP mailserver" or "dst IP mailserver" and nothing is displayed.
Neither my ping tests, nor the mails coming in, nor anything else.
At the same time, several mails per second go through this server, but I can't see anything in the livelog.
Do I need to check "enable logging" everywhere in the ruleset?
The mail server is in a DMZ, which means that all connections have to go through the firewall and therefore have to be visible in the livelog.
Maybe I have too many connections, so it can't show up in the livelog? I do not know exactly where I can see the active connections, but the firewall has 32k active states.
Don't get me wrong, when I run the livelog without a filter, I see dozens of entries that change very quickly.