ASG2200 cannot query application behavior logs in Manager

Published: 2016-08-19
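Problem description
The ASG2200 cannot query application behavior logs in Manager. This worked normally before; in the meantime the server failed and its operating system was reinstalled. Now, in log query, website queries return information and online/offline records are present as well, but most other categories have no data.

Handling process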

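1. The server runs Windows Server 2008 R2 Standard; it previously ran the Enterprise edition. After the operating system was replaced and ASGmanager was reinstalled, the corresponding information still could not be collected.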

<ASG2200>dis cur  | in 514

16:51:07  2016/07/02

  info-center loghost 192.168.230.2 514 description asgManagerLogHost

  info-center loghost 192.168.230.2 514 description asgManagerLogHost

 

<ASG2200>display current-configuration | include 9002

16:51:13  2016/07/02

  firewall session log-type binary host 1 192.168.230.2 9002

<ASG2200>

 

  <ASG2200>display utm bypass state

 16:58:05  2016/07/02

   UTM bypass function is enabled.

   UTM bypass function is inactive at current.

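2. Checking the sessions on port 514 shows traffic going out with nothing coming back; there is no session whose destination port is 9002.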

 

 

<ASG2200>display firewall session table verbose destination-port 514

16:47:04  2016/07/02

  Current Total Sessions : 1

   syslog  VPN:public --> public

   Zone: local--> trust  TTL: 00:02:00  Left: 00:02:00

  Interface: Vlanif2  NextHop: 192.168.212.253  MAC: d4-6a-a8-71-f5-53

   <--packets:0 bytes:0   -->packets:4939117 bytes:2165648804

   192.168.212.252:3456-->192.168.230.2:514

 

 <ASG2200>display firewall session table verbose destination-port 514

16:47:10  2016/07/02

  Current Total Sessions : 1

   syslog  VPN:public --> public

   Zone: local--> trust  TTL: 00:02:00  Left: 00:01:59

   Interface: Vlanif2  NextHop: 192.168.212.253  MAC: d4-6a-a8-71-f5-53

   <--packets:0 bytes:0   -->packets:4939118 bytes:2165649016

   192.168.212.252:3456-->192.168.230.2:514

 

 <ASG2200>display firewall session table verbose destination-port 9002

16:47:16  2016/07/02

  Current Total Sessions : 1

   tcp  VPN:public --> public

   Zone: trust--> untrust  TTL: 00:00:10  Left: 00:00:09  User: 192.168.31.231

   Interface: GigabitEthernet0/0/1  NextHop: 0.0.0.0  MAC: 00-00-00-00-00-00

   <--packets:4 bytes:480   -->packets:6 bytes:450

   192.168.31.231:56565-->120.132.75.109:9002
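The session check in step 2 can be scripted. The Python below is an added example, not part of the original case or of any vendor tooling: it parses pasted `display firewall session table verbose` output and reports, for each configured log host, whether a session exists and whether any packets came back. The function names are illustrative; the sample text and log host addresses are the ones shown on this page.

```python
import re

# Session output copied from this page (514 and 9002 queries, trimmed to the parsed lines).
SESSION_OUTPUT = """\
   syslog  VPN:public --> public
   <--packets:0 bytes:0   -->packets:4939118 bytes:2165649016
   192.168.212.252:3456-->192.168.230.2:514
   tcp  VPN:public --> public
   <--packets:4 bytes:480   -->packets:6 bytes:450
   192.168.31.231:56565-->120.132.75.109:9002
"""

# Log destinations taken from the page's configuration lines.
LOG_HOSTS = [("192.168.230.2", 514), ("192.168.230.2", 9002)]

COUNTERS = re.compile(r"<--packets:(\d+)\s+bytes:\d+\s+-->packets:(\d+)")
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+)-->(\d+\.\d+\.\d+\.\d+):(\d+)")


def parse_sessions(text):
    """Return one dict per session: destination (ip, port) plus packet counters."""
    sessions, counters = [], None
    for line in text.splitlines():
        m = COUNTERS.search(line)
        if m:  # the counter line precedes the flow line of the same session
            counters = (int(m.group(1)), int(m.group(2)))
            continue
        m = FLOW.search(line)
        if m and counters is not None:
            sessions.append({"dst": (m.group(3), int(m.group(4))),
                             "back": counters[0], "out": counters[1]})
            counters = None
    return sessions


def check_log_hosts(sessions, log_hosts):
    """Classify each configured log host as missing, one-way or two-way."""
    result = {}
    for host in log_hosts:
        hits = [s for s in sessions if s["dst"] == host]
        if not hits:
            result[host] = "missing"   # no session toward this log host at all
        elif all(s["back"] == 0 for s in hits):
            result[host] = "one-way"   # packets leave, nothing returns
        else:
            result[host] = "two-way"
    return result


if __name__ == "__main__":
    for host, state in check_log_hosts(parse_sessions(SESSION_OUTPUT), LOG_HOSTS).items():
        print(f"{host[0]}:{host[1]} -> {state}")
```

On the page's output this reports 192.168.230.2:514 as one-way and 192.168.230.2:9002 as missing, because the only session with destination port 9002 goes from a user address to 120.132.75.109 rather than to the log host.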

 


3. Checking the application identification status shows that the status is no.

 

 

Root cause
SA is turned off, so application behavior logs cannot be queried.
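Solution

There are two ways to handle this:

1. Delete the configuration, start the device with an empty configuration, and then redo the configuration; this switch is turned on by default when the device starts with an empty configuration.

2. Export the configuration, manually add the command "sa enable" to the configuration file, then import the configuration again and start the device.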

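Suggestions and summary
If application behavior logs cannot be queried, check the SA status first; if the SA status is normal, then investigate other causes.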
