No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The URL filtering graph shows no data on eSight LogCenter as connecting to USG5520s case

Publication Date:  2014-08-30 Views:  293 Downloads:  0

Issue Description

When the customers look at log details for URL filtering, it seems there are many log entries. But when they look at snapshot or URL access ranking or source IP rankings, all of them are empty and show no data.

Issue screenshot:

Alarm Information


Handling Process

Check the logs detail information, I find that all the URL logs are CAT type (URL/4/CAT), the log format as following:

<188>2006-09-02 14:17:56  USG5520S URL/4/CAT:type="Pre-define category" proto=http action=deny src=  dst= srcport=2589 dstport=80 eventnum=1 page="/" host="Portal Sites"

After confirmed, the graph in URL filtering label need the audit type(URL/6/AUDIT) logs as the available data. The log format as following:

<190>2006-09-02 14:17:56 USG5520S %%01URL/6/AUDIT(l):type="Not defined" proto=HTTP cat_action=deny src= dst= srcport=4026 dstport=1155 eventnum=1 arg="/" hititem="[exact]"
And then, I use an audit user to login firewall USG5520S to check if the firewall creates audit logs. After checked, there isn’t any audit logs in the firewall Logbuffer.

So the root cause of the issue maybe is that the firewall USG5520S doesn’t create any audit type logs. Go on checking the configuration of USG5520S, for the audit type logs, there are some configurations were missed. So need to add the following commands:

[USG5520S]info-center source default channel 4 log level informational   // Need to configure this command to change the log level to informational, after that, the audit type logs just can be created.

[USG5520S]http-access log-type syslog                                                         // Need to configure this command to change the log type to syslog, after that the logs will be saw and shown in the eSight log center.

After add the above commands on the USG5520S, I can see the audit logs in the eSight LogCenter. And the graph shows the data. As below:

Root Cause

According to the issue information, seems like the eSigh LogCenter server doesn’t process the logs correctly.


As the USG firewall works with the LogCenter (eLog), for different graph,need different logs, if the graph shows abnormal, please check if the correct logs has been sent to the LogCenter(eLog) server.