No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Wrong logbuffer number is displayed in USG5500

Publication Date:  2014-06-30 Views:  123 Downloads:  0
Issue Description
A customer replied, when he displayed logbuffer inUSG5500, he found that the number of logs was not correct. As shown in the following picture, the “Allowed max buffer size” is 1024, but the “current message” is only 515,the newer logs over wrote the older ones. The number of “Overwritten message” kept increasing. 

Alarm Information
None
Handling Process
(1) From the  parameter in command ” display logbuffer”, we can that there are actually many log types:

From the product documentation of USG5500, we can see :
sec-log, av-log, and ips-log are attack defense logs and are stored in attack defense log buffer. Other logs are stored in the system log buffer.
Confirmed with R&D, I found that the “Allowed max buffer size” in the command  “display logbuffer” includes attack defense logs and Other logs.
(2) Check the attack defense logs one by one, and I found that the “Allowed max buffer size” for attack defense logs is 512. And now there are 3 messages.

(3) Checked the command logs which are stored in the system log buffer, and I found that number of the logs reached the the “Allowed max buffer size”. That’s why the newer logs over wrote the older ones .

As a result, from the above analysis, even though the number in the command “display logbuffer” is a little confused, but it’s normal.
Root Cause
1) There is a bug in firewall.
2) There are many log types, and each type has its own max number. But the logbuffer command only shows the total number.
Suggestions
When using firewall, if you have doubt in the result of some commands, you can look at the product document to check the detail description. If you can’t find the answer, you can contact R&D.

END