  1. #1
    Untanglit
    Join Date
    Mar 2009
    Posts
    23

    Firewall Logs are Empty

    Okay, I am troubleshooting a malware issue, trying to identify which, if any, systems on the network are sending spam and flagging us on the CBL. So, suddenly I sort of have a crisis that I need to troubleshoot immediately.

    And, as far as I can tell, I have no real time monitoring in Untangle. Even my cheap little DIR-655 at home does that.

    Further, even if I set the firewall to block everything as the default, NOTHING shows in the logs tab. Refreshing or not.

    As I am specifically troubleshooting SMTP port 25 I have two rules in place, one to pass, one to block. (Pass to and from email server, block to and from every other source).

    I can confirm that the firewall is functioning simply by attempting to "telnet externalemailserver.com 25" and getting blocked, or not, by flipping the rule on or off.

    So, is there no way to do real time monitoring? And how can I get anything at all to show in the logs?

    Any help would be appreciated.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747


    Firewall is just one of the apps.

    If you're tracking down spam or malware issues you should check the spam blocker or spyware blocker reports or event logs.

    Firewall is for blocking sessions. It's not gonna log anything unless you put in a rule with the log checkbox enabled. Additionally, it's probably not the place you want to look.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    May 2009
    Location
    Prague, Czech Republic
    Posts
    23


    I know what you're trying to do, I've been trying to do the same for the last four hours and getting a bit confused. But here's the way to do it:
    Rather than setting the default action of pass, create a new rule (I called mine 'trap') with action block, log ticked and everything else on 'any'. Then put it underneath your other rules. Now the blocked traffic will show up in the logs.

    Bit of a daft way of doing it, but it works.

  4. #4
    Master Untangler li_leejohn's Avatar
    Join Date
    Sep 2008
    Posts
    253


    Yup, the best way to track down your logs in firewall is to set your firewall to block and make a rule like Charlie mentioned, then place it at the bottom of all your firewall rules. It works for me.
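
The following is an added example, not part of any post in this thread and not Untangle's own code. It is a simplified first-match rule model (the rule fields, addresses and sessions are assumptions constructed for illustration) showing why a default block leaves the log empty, while a logging 'trap' rule at the bottom of the list reveals which hosts attempt outbound port 25.

```python
from collections import Counter
from dataclasses import dataclass

MAIL_SERVER = "192.168.1.10"  # assumed address of the legitimate mail server

@dataclass
class Rule:
    name: str
    action: str               # "pass" or "block"
    log: bool                 # the rule's log checkbox
    src: str = "any"
    dst_port: object = "any"

    def matches(self, s):
        return (self.src in ("any", s["src"])
                and self.dst_port in ("any", s["dst_port"]))

def evaluate(rules, session, default_action="block"):
    """First matching rule wins. As the thread describes, only a rule
    with log enabled produces a log entry; the default action does not."""
    for r in rules:
        if r.matches(session):
            return r.action, (r.name if r.log else None)
    return default_action, None

def blocked_smtp_sources(rules, sessions):
    """Count logged, blocked port-25 sessions per source host."""
    hits = Counter()
    for s in sessions:
        action, logged_by = evaluate(rules, s)
        if action == "block" and logged_by and s["dst_port"] == 25:
            hits[s["src"]] += 1
    return hits

# Constructed sample sessions (documentation address ranges for destinations).
SESSIONS = [
    {"src": "192.168.1.10", "dst": "203.0.113.5", "dst_port": 25},
    {"src": "192.168.1.57", "dst": "198.51.100.7", "dst_port": 25},
    {"src": "192.168.1.57", "dst": "198.51.100.9", "dst_port": 25},
    {"src": "192.168.1.23", "dst": "203.0.113.80", "dst_port": 80},
    {"src": "192.168.1.88", "dst": "198.51.100.7", "dst_port": 25},
]

PASS_MAIL = Rule("pass-mail", "pass", False, src=MAIL_SERVER, dst_port=25)
TRAP = Rule("trap", "block", True)  # everything on 'any', log ticked, last

WITHOUT_TRAP = blocked_smtp_sources([PASS_MAIL], SESSIONS)
WITH_TRAP = blocked_smtp_sources([PASS_MAIL, TRAP], SESSIONS)

if __name__ == "__main__":
    print("default block only:", dict(WITHOUT_TRAP))
    print("with trap rule:    ", dict(WITH_TRAP))
```

Both rule sets block the same sessions; only the one ending in the trap rule leaves a record of the hosts that tried to send mail directly.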
