1 Reply Latest reply: Oct 31, 2013 3:47 AM by Peacekeeper RSS

    How do I enable session open logs in sidewinder firewall?


      Hi All,


                     Geetings, Good Morning


                     In my enviornment, I am getting only session end log, I belive I should get the session open log also.


                       For eg:


                       <133>Oct 30 08:56:41 sw1 auditd: date="2013-10-30 13:56:41 +0000",fac=f_http_proxy,area=a_libproxycommon,type=t_nettraffic,pri=p_major,pid =2085,logid=0,cmd=httpp,hostname=sw1.dtc.local,event="session end",application="http - Web",app_risk=low,app_categories=infrastructure,netsessid=b517752711019,srcip=1 0.xxx.10.12,srcport=64069,srczone=internal,protocol=6,dst_geo=US,dstip=38.xx.98. 199,dstport=80,dstzone=external,bytes_written_to_client=0,bytes_written_to_serve r=187,rule_name="Outbound Web_2",cache_hit=1,start_time="2013-10-30 13:56:41 +0000"


                       In the above log, I see event as "session end", I believe I should get a corresponding open log for it. Please guide me in this.