No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU

Elog filter rule set fault caused can not receive SYS-LOG

Publication Date:  2012-09-25 Views:  348 Downloads:  0
Issue Description
Problem phenomena:3 E1000E firewall,use elog manage firewall dialog and syslog,when installing,can check dialog of firewall. Then staff check syslog of firewall elog,found 2 of 3 firewall syslog(E1000E-1 and E1KVPN)can not found out,but can check dialog 
Alarm Information
none
Handling Process
1 soon after elog startup,user set firewall syslog filter policy in elog,filtrate syslog of E1000E-1,background run record as follows. (As most early elog background record is 8.23,so list since 8.23)

2011-08-23 20:41:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-24 00:00:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-28 12:10:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-29 00:00:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 12
2011-08-31 09:56:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 16
2011-08-31 18:58:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 10
2011-08-31 18:59:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 0
2011-08-31 19:00:00,000 INFO  0x00000734 LogCollector - [ESFilterMgr::printFilteLogNum] Number filte eudemon syslog every minute: 0

Above run record,means at last minute,in syslog of elog received,how many log been filtered,one minute record once。We can see,from 8.23 to 2011-08-31 18:58:00 12 syslog been filtered every minute,after that,never has a syslog been filtered,because at 2011-08-31 18:58,we delete E1000E-1 off elog,elog can not receive its syslog. at the same time,will delete corresponding filter policy of this equipment,so,add it again,will not filter its syslog,and can check its syslog  
2 about filter policy
Elog filter policy has 2, overall filter policy and partial filter policy
overall filter policy:admin log on,configuration in effect for all of equipments
Partial filter policy:operator log on,need to set given equipment,just in effect for chose equipment
Root Cause
1 check firewall configuration of sys-log,normal
2 check firewall interzone policy configuration,normal
3 check firewall communication to elog,normal
4 check elog configuration,in filter policy configuration has faults
Suggestions
Cancel all of overall filter policy and partial filter policy,then will not filtrate dialog

END

Contribute Articles
Huawei Enterprise APP

Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.