At the moment understanding what's going on is very HARD. Live logs are missing and a notepad on every section is missing.
Add a live log and allow admins to configure coloured live logs themselves (globally or on single windows?). In this way logs have different levels of importance and Admins can better understand whether they need to worry or not. For example, allow Admins to set red for high-risk/denied traffic/system error, yellow for warning/natted/or whatever, and so on.
I really love the live log on the Firewall section of UTM9, where reading what's happening is very very easy.
We have released significant improvements to logging since this idea was first posted.
There are certainly still more things we could do.
I’m closing this item in the hope that users will post some more specific and detailed ideas for where to go next, with good examples of use cases/value provided. There are also many interesting ideas already posted that you could support or contribute to.
This should not be closed. Logging is still a mess (especially if you try to find logs on the CLI). Did not test this on V18, but if you set two or more filters, the log does not stop loading. Realtime logging is more of a "click on refresh to get an update" logging.
Rich, this idea should not be closed, as understanding logs on v18 is still a mess. If you do not use tail -f, cat and other command line commands, you cannot really understand what's going on. Conntrack, for example, should report logs into the UI. We also need a Flow Monitor as in UTM9 and a responsive UI logs menu. When you switch from one menu to another (for example from firewall to application), XG takes time and users lose their patience. UTM9 has a much better log output, a flow monitor, and it is very responsive. Copy or import the log part from UTM9 and we are happy. Remove the connection list tab, as it is useless.
Improve logging. I could write what's missing in many pages, but I will simply refer to CheckPoint's logs. Just do it like them.
Frank Barton commented
Also, maybe ship settings for better parsing of logs in SIEM packages such as Splunk.
Marcel Kamenz commented
Web-based access to the log files and debugging commands would be nice. Please fix this; UTM has been able to do this for years....
Luiz Felipe Lins Dias commented
It would be very nice if the log search box understood regex strings.
A better filter that can show or hide a log entry based on text that is matched by a REGEX.
Stefan H commented
We have 17, but it's not solved; hopefully planned.
Daniel M. commented
Is it solved or planned? v17 is released.
Matt H commented
Also, please add consistency to the Firewall/webfilter and similar log messages. Right now, some data fields in the messages are surrounded by quotes and some are not. When sending logs into a central logging system, it makes it more difficult to break the message down into easily indexed fields; Graylog key-value extractors, for example, make it very simple to create the indexes for searching/analyzing.
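The mixed quoting the comment above complains about is what a downstream key-value extractor has to cope with. As an added illustration (not code from Sophos or from any commenter), this small Python parser accepts both quoted and bare values over constructed sample lines in a Sophos-like key=value style, and re-emits every field quoted so a SIEM sees one consistent shape; the field names are assumptions, not a real XG schema.

```python
import re

# Constructed sample lines (not real Sophos XG output). The second line mixes
# bare and quoted values, a value containing a space, and an empty value.
SAMPLE_LINES = [
    'log_type="Firewall" log_subtype="Denied" src_ip=10.0.0.5 dst_ip="198.51.100.7" dst_port=443',
    'log_type=Firewall log_subtype="Allowed" user_name="alice smith" src_ip=10.0.0.6 dst_port=53 status=""',
]

# One key=value token: key, then either a double-quoted value (backslash
# escapes allowed inside) or a bare run of non-whitespace characters.
# Tokens that are not key=value (e.g. a leading timestamp) are skipped.
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_kv(line):
    """Return {key: value} for every key=value token, quoted or bare."""
    fields = {}
    for m in _KV.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        if quoted is not None:
            # Unescape \" and \\ inside a quoted value.
            fields[key] = re.sub(r'\\(.)', r'\1', quoted)
        else:
            fields[key] = bare
    return fields


def normalize(line):
    """Re-emit the line with every value double-quoted and escaped."""
    parts = []
    for key, value in parse_kv(line).items():
        escaped = value.replace('\\', '\\\\').replace('"', '\\"')
        parts.append(f'{key}="{escaped}"')
    return " ".join(parts)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(normalize(line))
```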
Anthony Groleau commented
Being able to filter source and destination ports would also be a helpful feature to have. Only the source or destination IP can be filtered (as of build SFOS 16.05.1 MR-1).
Oh, and one last thing. This was noted as planned on March 17th, and I did not see any real improvements in the last MR-3 release... :-(
Please give an estimate on when we can hope to see some improvement in the logging features of the XG platform!
And by the way, having to scroll the screen up and down all the time and then scrolling to the side only when at the bottom is a nightmare!
Please - most have full HD displays in this day and age. Please use it for the love of something!
I recommend you stop using fixed size pages, and make use of what available space there is on the screen - dynamically presenting the iframes, or whatever you're using, to fit the whole screen.
AND, if you could possibly trim some of all that extra spacing that has snuck in everywhere!
Only admins look at the log views. And we don't need something pretty, tablet-friendly snafu. We want as much information crammed onto the page as possible!
And please also consider making a way to see ALL logs in one page.
John Paterson commented
Really? To search, go to the CLI? Is this 1980?
Add functionality similar to UTM 9 where you can search, view past logs, etc. Right now the "Live" view only, which isn't actually live like UTM 9 is, is simply not enough!
Julián Santos commented
Logs of all applications should be viewable in real time, not with updates every 30 seconds and in a new window. The format should also look something like version 9 of the SG, and the reports should look alike too, for the firewall, proxy and web protection reports.
David McLaughlin commented
Solution sounds great.
Chad Kreimendahl commented
Nearly every firewall competitor has this type of logging... Here is an example of a logfile line from a major (small business) competitor. This line looks nearly identical to what you'd see in all the big players, and even just in basic Linux logs.
2016-03-08 16:33:19 Deny 10.22.100.58 10.255.210.98 32921 17086 2-IF-Office-Two 1-IF-Core-Network Denied 56 63 (Block Remaining Internal-00) proc_id="firewall" rc="101" msg_id="3000-0148"
Watching these stream by with updates every 5 seconds is IMMENSELY HELPFUL in tracking down any firewall issues.
Firewall live logging with decent filtering (regex based filter option would be great) is a must for using it in an enterprise setup!
Paul Zindell commented
Search logging: there should be the ability to search keywords such as IP address, user name, firewall rule, etc. This search should be able to search through all log categories so you don't have to figure out which log category to look through.
Live log is fundamental for a sysadmin.