At the moment understanding what's going on is very HARD. Live logs are missing and notepad on every section is missing.
Add live log and allow admins to configure coloured live logs themselves (globally or on single windows?). In this way logs have different levels of importance and Admins can better understand whether they need to worry or not. For example, allow Admins to set red for high-risk/denied traffic/system error, yellow for warning/natted/or whatever and so on.
I really love the live log on Firewall section of UTM9 where reading what's happening is very, very easy.
Live logging in a popout window, and with color coded log lines, was released in v16. Further enhancements, such as historical logs, a unified log viewer, and improvement of the contents within the logs are planned for v17.
Improve logging. I could write what's missing in many pages, but I will simply refer to CheckPoint's logs. Just do it like them.
Frank Barton commented
Also, maybe ship settings for better parsing of logs in SIEM packages such as Splunk.
Marcel Kamenz commented
Web-based access of the log files and debugging commands would be nice. Please fix this, UTM can do this for years....
Luiz Felipe Lins Dias commented
Search results
It will be very nice if the log search box understands regex strings.
A better filter that can show or hide a log based on text that is filtered by a REGEX.
Stefan H commented
we have 17, but it's not solved, hopefully planned
Daniel M. commented
is it solved or planned v17 is released
Matt H commented
Also, please add consistency to the Firewall/webfilter and similar log messages. Right now, some data fields in the messages are surrounded by quotes and some are not. When sending logs into a central logging system it makes it more difficult to break the message down into easily indexed fields. Graylog key-value extractors, for example, make it very simple to create the indexes for searching/analyzing.
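An added example, not part of the original comment and not vendor code: one way a log pipeline can cope with the mixed quoted/unquoted fields described above is to parse both forms and re-emit every field as key="value" before indexing. The sample line and its field names are constructed for illustration.

```python
import re

# key=value where the value is either double-quoted (may hold spaces and
# backslash-escaped quotes) or a bare token that ends at whitespace.
# The lookbehind stops a match from starting in the middle of a token.
_PAIR = re.compile(
    r'(?<![\w.-])(?P<key>[A-Za-z_][\w.-]*)='
    r'(?:"(?P<q>(?:[^"\\]|\\.)*)"|(?P<b>[^\s"]*))'
)

def parse_kv(line):
    """Return a dict of fields, treating quoted and bare values alike.

    Positional tokens without '=' are ignored. A quoted value is consumed
    whole, so 'a=b' inside it is not mistaken for a separate field.
    """
    fields = {}
    for m in _PAIR.finditer(line):
        if m.group("q") is not None:
            value = re.sub(r'\\(.)', r'\1', m.group("q"))  # drop escapes
        else:
            value = m.group("b")
        fields[m.group("key")] = value
    return fields

def normalize(line):
    """Re-emit every field as key="value" so extractors see a single form."""
    out = []
    for key, value in parse_kv(line).items():
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        out.append(f'{key}="{escaped}"')
    return " ".join(out)

# Constructed sample: field names are illustrative, not a real vendor format.
SAMPLE = ('log_type="Firewall" status=Deny src_ip=10.22.100.58 '
          'dst_port=17086 fw_rule="Block Remaining Internal-00" '
          'message="rule a=b said \\"no\\""')

if __name__ == "__main__":
    print(parse_kv(SAMPLE))
    print(normalize(SAMPLE))
```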
Anthony Groleau commented
Being able to filter source and destination ports would also be a helpful feature to have. Only the source or destination IP can be filtered (as of build SFOS 16.05.1 MR-1).
Oh, and last thing. This was noted as planned on March 17th. And I did not see any real improvements in the last MR-3 release... :-(
Please give an estimate on when we can hope to see some improvement in logging features of XG platform!
And by the way having to scroll the screen up and down all the time and then next scrolling to the side only being at the bottom is a nightmare!
Please - most have full HD displays this day and age. Please use it for the love of something!
I recommend you stop using fixed size pages, and make use of what available space there is on the screen - dynamically presenting the iframes, or whatever you're using to fit the whole screen.
AND, if you could possibly trim some of all that extra spacings that have snuck in everywhere!
Only admins look at the log views. And we don't need something pretty, tabled friendly snafu. We want as much information crammed onto the page as possible!
And please also consider making a way to see ALL logs in one page.
John Paterson commented
Really? To search goto CLI? Is this 1980?
Add functionality similar to UTM 9 where you can search, view past logs etc. Right now the "Live" only, which isn't actually live like UTM 9, is simply not enough!
Julián Santos commented
Logs of all applications should be viewed in real time and not with updates every 30 seconds and in a new window. The format should also look something like version 9 of SG, and the reports should look like that too, for firewall, proxy and web protection reports.
David McLaughlin commented
Solution sounds great.
Chad Kreimendahl commented
Nearly every firewall competitor has this type of logging... Here is an example of a logfile line from a major (small business) competitor. This line looks nearly identical to what you'd see in all the big players, and even just on basic Linux logs.
2016-03-08 16:33:19 Deny 10.22.100.58 10.255.210.98 32921 17086 2-IF-Office-Two 1-IF-Core-Network Denied 56 63 (Block Remaining Internal-00) proc_id="firewall" rc="101" msg_id="3000-0148"
Watching these stream by with updates every 5 seconds is IMMENSELY HELPFUL in tracking down any firewall issues.
Firewall live logging with decent filtering (regex based filter option would be great) is a must for using it in an enterprise setup!
Paul Zindell commented
Search logging: there should be the ability to search keywords such as IP address, user name, firewall rule, etc. This search should be able to search through all log categories so you don't have to figure out which log category to look through.
Live log is fundamental for a sysadmin
Very difficult to view live logs right now with the slow refresh.
Bring back the consolidated log folder. For Christ's sake!