No traffic logs on NSM



  • Hi,

    I have recently installed an IDP75 box with NSM 2010.2. I added the device on NSM, updated NSM, pushed a policy to the IDP and placed my PC behind the IDP. I checked the traffic logs in NSM; there were a lot of logs (icmp, pop3, smtp, http), generated by my PC. Then I replaced my PC with another machine, and the traffic logs stopped suddenly. I put my PC back behind the IDP, but there are still no traffic logs. I can see that DI/IDP logs are generated when scanning with nmap, but no traffic logs.

    Has anyone faced the same issue?


  • administrators

    I don’t think the IDP logs traffic by default; it only logs signature matches and anomalies. But you may be able to create a policy line that logs everything.



  • Are you sure the machine got the correct IP address and default gateway?

    :?



  • Check whether the NSM services are up:

    sh /usr/netscreen/GuiSvr/bin/guiSvr.sh status

    sh /usr/netscreen/DevSvr/bin/devSvr.sh status

    Or check whether your NSM has the necessary patches / schemas for the IDP 75.



  • There could be lots of reasons why you're not getting the logs.

    What was the policy defined? Is the other machine included in the policy?

    What was the gateway of your other machine?

    Have you checked the services on NSM?


 
