Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
221 Views 1 Reply Latest reply: Oct 31, 2013 3:47 AM by Peacekeeper RSS
viswesh1406 Newcomer 2 posts since
Oct 31, 2013
Currently Being Moderated

Oct 31, 2013 2:18 AM

How do I enable session open logs in sidewinder firewall?

Hi All,

 

               Geetings, Good Morning

 

               In my enviornment, I am getting only session end log, I belive I should get the session open log also.

 

                 For eg:

 

                 <133>Oct 30 08:56:41 sw1 auditd: date="2013-10-30 13:56:41 +0000",fac=f_http_proxy,area=a_libproxycommon,type=t_nettraffic,pri=p_major,pid =2085,logid=0,cmd=httpp,hostname=sw1.dtc.local,event="session end",application="http - Web",app_risk=low,app_categories=infrastructure,netsessid=b517752711019,srcip=1 0.xxx.10.12,srcport=64069,srczone=internal,protocol=6,dst_geo=US,dstip=38.xx.98. 199,dstport=80,dstzone=external,bytes_written_to_client=0,bytes_written_to_serve r=187,rule_name="Outbound Web_2",cache_hit=1,start_time="2013-10-30 13:56:41 +0000"

 

                 In the above log, I see event as "session end", I believe I should get a corresponding open log for it. Please guide me in this.

 

 

Regards,

M.Viswesh.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points