1 Reply Latest reply on Feb 24, 2016 4:55 AM by lnurmi

    `Terminate` action in IPS Log

    schroederm

      Hi, I have a log export scheduled in SMC targetting FW Log, L2FW, IPS Log, Alert, Alert Event Trace and Audit. The task runs smoothly and everything looks fine except that the result's missing all IPS Log entries with an action value of `Terminate`. We have a quite a few of those and I can view them inside the SMC without problems. Is there a reason that my log doesn't contain these entries? Is there a way to configure which actions will be exported and which won't? Any help on this topic is greatly appreciated. Thanks in advance.

        • 1. Re: `Terminate` action in IPS Log
          lnurmi

          Hi,

           

          unless you have defined a filter in the task properties then it will export all the logs you specified. Default filter is "Match all". If you have several Log Servers, maybe the one where those Terminate logs are stored is not included as a target in the task?

           

          I could not reproduce this in 5.9.4. If the issue continues for you in latest 5.9 or 5.10 version I'd recommend opening a ticket.

           

          BR,

          Lauri