No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The user traffic graph shows no data on VSM server when works with USG2260 case

Publication Date:  2014-08-30 Views:  132 Downloads:  0
Issue Description
The customer can’t see any data in the [Online behavior] function on the VSM server. All the graphs are empty under this label.
Issue was shown:
Alarm Information
None
Handling Process
Firstly, refer to the product documentation, to check if the configurations of the USG2260 and VSM server have some incorrect points. After check, I find the configurations are same with the example in the documentation.
Because the [Online behavior] function needs the USG2260 sends the binary logs to VSM server. I check if USG2260 device sends logs to VSM server on the USG2260 device, but the statistic of the logs is zero and doesn’t increase. Shown below:

[USG2260]display firewall session log-type binary statistic                 
17:20:04  2014/08/2                                                           
Total send packets:                      0                                     
Total send Items:                        0                                     
Total drop packets:                      0                                     
Total drop items:                        0                                     
Total send items during the last minute: 0                                     

So it seems like the USG2260 didn’t send any binary logs to VSM server.

And then, I check the USG2260 configuration again, they are same with the example. And I make sure there were a lot packets match the session log ACL.

Finally, I think maybe there are some default configuration is different and can’t be shown in the configuration. So I check the session log-type configuration, I find that the log-type is not binary, but syslog. Shown below:

[USG2260]display firewall session log-type                                   
18:20:14  2014/08/2                                                           
Session log output mode is syslog.  

The root cause maybe is this incorrect log-type configuration. I change the log-type by using the following command to binary:

[USG2260]firewall session log-type binary

 After change the configuration, I check if the USG2260 sends binary logs to VSM server again, this time shows OK, there are a lot of packets have been sent, and the statistic is increasing. As following:

[USG5500-1]dis firewall session log-type binary statistic                     
18:32:34  2014/08/2                                                           
Total send packets:                      2123                                     
Total send Items:                        2123                                     
Total drop packets:                      0                                     
Total drop items:                        0                                     
Total send items during the last minute: 1  

Meanwhile, I check the VSM server, the [Online behavior] function graph is OK, there are a lot of data are shown in the graph. Shown below:



But be noticed that these graph needs some time to collect and analyze the logs, so there need some time to show the graph. And different graph needs different time. Almost about one hour.
Root Cause
According the information and the issue screenshot customer feedback, the possible reason are:

(1) There are some incorrect configuration on the USG2260 or the VSM server.
(2) The USG2260 doesn’t send logs to VSM server.
(3) VSM server process the logs incorrectly.
Suggestions
When the USG firewall works with the VSM server, need to check the log-type and confirm which logs the VSM server graph needs. And check if configure correct function on the USG firewall device.

END