  1. #1
    Newbie
    Join Date
    Jul 2018
    Posts
    7

    Some connections not visible in the firewall logs

    Good day all,

    I'm a bit of a noob when it comes to Untangle but I have managed to set it up as I want it and it's working well so far. The problem, if it's even a problem, that I'm having is that some 'attempted' connections are not visible in my firewall logs.

    I am using a program/system? called Trisul to parse NetFlow flows and determine, visualise and catalogue IDS and dangerous hosts and domains. My setup works well with Untangle and I am able to successfully forward my NetFlow flows and everything works well. My NetFlow analyser is detecting connection attempts from various 'rogue' hosts on ports/services such as telnet, ssh, mysql etc. but I can't find the corresponding logs in the firewall.

    It's clear that Untangle is blocking these connections, as it should, but is there something I'm missing here? Surely if Untangle is sending the data contained in the flow it should be logged in the firewall logs.

    If anyone could point me in the right direction I would greatly appreciate it.

    Thanks for any assistance.

    Nick

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,589

    You can try turning on 'log blocked sessions' here:

    http://demo.untangle.com/admin/index...twork/advanced

    Warning: this will log a bunch of stuff, and also scares and confuses many users.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,805

    Yeah, one of the things that Untangle does that isn't immediately obvious: it only logs sessions that transit the server by default. That's what the log blocked option DMorris mentions fixes; it'll then log everything impacting the Untangle server as well. Personally I could care less about what NAT gets rid of for me, but if you're doing actual research you'll need that data.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Jul 2018
    Posts
    7

    Thanks very much for your help. I will enable the logging setting and see what I find.
