Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firewall/policy logs to syslog

tgatewood_
Occasional Contributor
‎04-24-2013 05:43:PM
‎04-24-2013 05:43:PM

Firewall/policy logs to syslog

Is there any way for an SA to send policy permits and denies to syslog? The SRX sends out all sorts of detailed logs, but it seems like the SA doesn't send a thing? It makes things really hard to troubleshoot when I can't see the SA blocking traffic.

Thanks!
0 Kudos
Reply
1 REPLY 1
mtessier_
Frequent Contributor
‎11-09-2009 11:25:AM
‎11-09-2009 11:25:AM

Re: Firewall/policy logs to syslog

Events are logged locally and can be sent to one or many syslog servers. Navigate to  System > Log/Monitoring > (Events or User Access or Admin Access) > Settings to configure your syslog servers and what you want to log.

I'm going to make the assumption that you're referring to VPN tunneling clients like Network Connect and Pulse when you say "policy permits and allows". I've troubleshot ACLs on cisco gear in the past and I don't think that you're going to find analogous packet drop list on the IVE or MAGs.

If you're allowing or blocking network ports and subnets that a user can reach with the VPN tunneling cliends based on Host Checker policies, I'd suggest using the User  Access logs to see what roles and thus what policies are being assigned to a user once they're logged in. If your configuration is such that you have many VPN tunneling access policies assigned to a small number of roles, it may be easier to collect a policy trace for a user's session instead.

Does this help?

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.