Contact Us
- Post a Public Question
- Email Us
-
Chat with us
Call Us @ 888.885.6711
Support Center
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB
No website Activity Logged
Howdy!
Without opening a ticket with SonicWALL, any idea why we are seeing zero events logged under
Security Services\Content Filter\Website Accessed and Website Blocked?
However at looking at
Log\Syslog\Syslog Website Accessed I see plenty of events??
We are running a Demo key, I love the improvements made. Assuming we will be able to log the web traffic, then we will surely get licenses. :) Appreciate it!
Hey Brian,
Thanks for getting in touch about this.
The Log\Syslog\Syslog Website Accessed events are the main events we pay attention to for website activity. The other two events I believe are logged when the IPS feature is responsible for blocking/allowing traffic rather than the CFS feature. But I'll try to get some clarification on that from SonicWall and get back to you.
Cheers!
Scott
Thanks for getting in touch about this.
The Log\Syslog\Syslog Website Accessed events are the main events we pay attention to for website activity. The other two events I believe are logged when the IPS feature is responsible for blocking/allowing traffic rather than the CFS feature. But I'll try to get some clarification on that from SonicWall and get back to you.
Cheers!
Scott
Thanks Scott,
Long time no chat. :) ok, if the Log\Syslog\Syslog Website Accessed/Website Blocked is what is logged, then I am not seeing the activity in FastVue and definitely not the categories etc.
I am going to let it run again over night and then tomorrow to gather more data. IN out case, we are just logging activity. Nothing is blocked, so we should have lots of data. Appreciate it!
Long time no chat. :) ok, if the Log\Syslog\Syslog Website Accessed/Website Blocked is what is logged, then I am not seeing the activity in FastVue and definitely not the categories etc.
I am going to let it run again over night and then tomorrow to gather more data. IN out case, we are just logging activity. Nothing is blocked, so we should have lots of data. Appreciate it!
Hey Brian,
If you're now seeing any web traffic, then it could mean that SonicWall's CFS feature is not in play. Make sure it is enabled and you have at least one rule that blocks and/or allows categories to force the traffic to be evaluated against CFS.
Look forward to hearing how you go!
Cheers!
Scott
If you're now seeing any web traffic, then it could mean that SonicWall's CFS feature is not in play. Make sure it is enabled and you have at least one rule that blocks and/or allows categories to force the traffic to be evaluated against CFS.
Look forward to hearing how you go!
Cheers!
Scott
Howdy!
We have a polcy that allows everything and blocks just Malware, category 59. So based on what I am seeing we should be logging something.
However the productivity sections of the Dashboard are still 0%
We have a polcy that allows everything and blocks just Malware, category 59. So based on what I am seeing we should be logging something.
However the productivity sections of the Dashboard are still 0%
Hey Brian,
Thanks for the information. It sounds like SonicWall is not logging categories for allowed traffic. Can you make sure the "Override Syslog Settings with Reporting Software Settings" checkbox is checked as per this article:
http://www.fastvue.co/sonicwall/blog/sonicwalls-not-rated-syslog-bug-and-workaround
Let us know how you go!
Cheers!
Scott
Thanks for the information. It sounds like SonicWall is not logging categories for allowed traffic. Can you make sure the "Override Syslog Settings with Reporting Software Settings" checkbox is checked as per this article:
http://www.fastvue.co/sonicwall/blog/sonicwalls-not-rated-syslog-bug-and-workaround
Let us know how you go!
Cheers!
Scott
Currently we are running SonicOS Enhanced 6.2.7.1-23n and I have noticed a few things that are different. I don't even have the Override Syslog Settings with Reporting Software Settings option. Also I noticed the option to apply a CFS Policy at the zone level is gone.
I just opened a trouble ticket with SonicWALL. Since last night, we have had only 25,000 records sent to FastVue accounting the site. So something's definitely not right on the SonicWALL side.
Once I hear back from then I'll let you know.
I just opened a trouble ticket with SonicWALL. Since last night, we have had only 25,000 records sent to FastVue accounting the site. So something's definitely not right on the SonicWALL side.
Once I hear back from then I'll let you know.
Hey Brian,
Thanks for the info. 6.2.7.1 includes CFS 4.0 which completely new. Go to *Firewall | Content FIlter Objects* to check you have some CFS objects (such as a block action and profile to block malicious traffic), then use them in policies in *Security Services | Content Filter* (this is where you apply CFS actions to source/dest zones etc).
I'll also let you know that there's logging bug in 6.2.7.1 where the 'size' of web traffic is incorrectly recorded for anything going through the DPI SSL feature. If you're not using DPI SSL then this won't be an issue, but we recommend enabling it to report on google search terms, youtube video IDs and anything else where the key information is beyond the 'domain' part of a url. SonicWall are aware of the issue and are currently working on a fix.
I hope this helps! Let us know how you go.
Cheers!
Scott
Thanks for the info. 6.2.7.1 includes CFS 4.0 which completely new. Go to *Firewall | Content FIlter Objects* to check you have some CFS objects (such as a block action and profile to block malicious traffic), then use them in policies in *Security Services | Content Filter* (this is where you apply CFS actions to source/dest zones etc).
I'll also let you know that there's logging bug in 6.2.7.1 where the 'size' of web traffic is incorrectly recorded for anything going through the DPI SSL feature. If you're not using DPI SSL then this won't be an issue, but we recommend enabling it to report on google search terms, youtube video IDs and anything else where the key information is beyond the 'domain' part of a url. SonicWall are aware of the issue and are currently working on a fix.
I hope this helps! Let us know how you go.
Cheers!
Scott
Hey Brian,
Just FYI... I had some feedback from SonicWall on when the "Security Services\Content Filter\Website Accessed and Website Blocked" get logged.
Website Blocked (ID 14) is logged when CFS blocks a website.
Website Accessed (ID 16) is only relevant when using CFS 3.0. So don't expect this log event to have anything in the 'Event Count' column if you're using SonicOS 6.2.6 and above (CFS 4.0).
Did you have any luck troubleshooting the issues you were having with SonicWall?
Cheers!
Scott
Just FYI... I had some feedback from SonicWall on when the "Security Services\Content Filter\Website Accessed and Website Blocked" get logged.
Website Blocked (ID 14) is logged when CFS blocks a website.
Website Accessed (ID 16) is only relevant when using CFS 3.0. So don't expect this log event to have anything in the 'Event Count' column if you're using SonicOS 6.2.6 and above (CFS 4.0).
Did you have any luck troubleshooting the issues you were having with SonicWall?
Cheers!
Scott
Yes, all good now. I need some additional tweaks, but definitely over the hump.
Great to hear!
Let us know if there's anything else we can help with.
Cheers!
Scott
Let us know if there's anything else we can help with.
Cheers!
Scott
Hi Brian,
Im facing the exact issue, what additional tweaks did you apply?
Im facing the exact issue, what additional tweaks did you apply?
Hey Jesoni,
What version of SonicOS are you running and what is the exact issue that you're seeing?
Cheers!
Scott
What version of SonicOS are you running and what is the exact issue that you're seeing?
Cheers!
Scott