Grouped NetScreen's don't show logs properly

[gmail2]

We have 2 NS204's which are group together into one logical device. However, when traffic goes through, it seems like not all traffic is logged - why is this? Is there some setting that we need to check or ... ?

I'm not too well up on NetScreens, kind of learning on the job here. If somebody could help me out I'd really appreciate it.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published

 

[MaxPipeline]

Not clear what you mean by group together as one logical device. Do you mean that you have the two Netscreens configured as an NSRP cluster? Regarding logging of traffic, this is done on a policy basis. So in order to log traffic you must enable it on policy. That also means if traffic is dropped due to implicit deny then this will not log unless you place a policy to deny all and enable logging.

 

[gmail2]

Sorry ... yea, I meant that they're clustered. For the life of me I couldn't remember that word yesterday when I was posting !! It's configured as master and backup.

Yea, it's the policies that I'm referring to - when I check the logs - they don't show that any traffic matched that policy, even thought I know it did. Any ideas why this might be? There's no other policy that it could have matched earlier on in the list of policies either.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published

 

[stooo]

do you have the log at session beginning box checked? otherwise it will wait for the session to be finnished before it logs it

 

[gmail2]

ooh ... you mite be onto something there - where do I do that? I can't find anything under the individual policies

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published

 

[stooo]

next to the logging tick box, depending on what version you are using.. I think its version 5.2 and above, but not sure

I think on earlier versions it will only log when the session is finnished