  1. #1
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,187

    What's the log for incoming traffic dropped by NAT?

    I mean unsolicited traffic dropped that's not part of a session and not hitting the uvm therefore not in reports.

    /var/log.... ?

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605


    You can get it in the GUI reports, but you have to Log blocked sessions (config/network/advanced).
    Then filter [#reports?cat=network&rep=blocked-sessions] by the WAN IP address
    They are not complete session records (i.e.: no country data)
    Last edited by Jim.Alles; 03-26-2020 at 09:59 AM.
    fasttech likes this.

  3. #3
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,187


    Yes, that's great. Now I remember using that long ago and see I already have that checked to log.

    I just thought I used to look it up in /var/log somewhere but haven't found it now. No grep for me I guess.

    Do you happen to know what the Filter Prefixes are? I can't find what they mean in the docs, like shield_blocked, invalid_blocked & filter_blocked. I think I know what they mean but would like to know for sure, specifically invalid_blocked.

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605


    Shield_blocked is, of course, NGFW's special sauce.

    Invalid_Blocked is from the kernel:
    Invalid means that it doesn't match to any known states. In other words, that's the kernel saying "I don't know why I received this packet". – bahamat Dec 3 '12 at 9:28
    https://unix.stackexchange.com/questions/57423/how-to-understand-why-the-packet-was-considered-invalid-by-the-iptables

    Filter_blocked is from iptables, either [Access Rules] or [Filter Rules], and doesn't carry the rule ID, unfortunately.

    SQL query?

    Note to general users (for posterity): logging blocked sessions is not the default setting, it is advanced. And it can complicate troubleshooting by support.
    fasttech likes this.
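
A simplified model of how Linux connection tracking arrives at the INVALID state behind invalid_blocked, added here as an illustration; it is not code from the thread or from Untangle. It assumes the kernel default nf_conntrack_tcp_loose=1 and leaves out sequence-window, timeout and teardown handling; the function name and all addresses are constructed.

```python
# Simplified model of the conntrack state given to TCP packets (added example).
# Assumptions: PSH/URG/ECE/CWR, window checks, timeouts and teardown not modelled.

# Flag combinations conntrack accepts as well-formed TCP.
VALID_FLAGS = {
    frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"}),
    frozenset({"RST"}), frozenset({"RST", "ACK"}), frozenset({"FIN", "ACK"}),
}

def classify(packets, loose=True):
    """Return the conntrack state for each (src, dst, flags) packet, in order."""
    flows = {}      # direction-independent key -> {"orig": endpoint, "replied": bool}
    verdicts = []
    for src, dst, flags in packets:
        flags = frozenset(flags)
        key = frozenset({src, dst})
        if flags not in VALID_FLAGS:
            verdicts.append("INVALID")      # malformed flag combination
            continue
        entry = flows.get(key)
        if entry is None:
            # Only a SYN (or, in loose mode, a bare ACK) may open a new entry.
            if flags == {"SYN"} or (flags == {"ACK"} and loose):
                flows[key] = {"orig": src, "replied": False}
                verdicts.append("NEW")
            else:
                verdicts.append("INVALID")  # matches no known connection
            continue
        if src != entry["orig"]:
            entry["replied"] = True         # traffic seen in the reply direction
        verdicts.append("ESTABLISHED" if entry["replied"] else "NEW")
    return verdicts

# Constructed sample traffic (RFC 5737 documentation addresses).
WAN = ("203.0.113.10", 443)
PEER = ("198.51.100.7", 40000)
SAMPLE = [
    (PEER, WAN, {"SYN"}),                            # handshake opens the flow
    (WAN, PEER, {"SYN", "ACK"}),                     # reply direction seen
    (PEER, WAN, {"ACK"}),                            # tracked flow
    (("198.51.100.8", 40001), WAN, {"SYN", "ACK"}),  # unsolicited SYN/ACK
    (("198.51.100.9", 40002), WAN, {"RST"}),         # stray RST
    (("198.51.100.9", 40003), WAN, {"SYN", "FIN"}),  # illegal flag mix
]

if __name__ == "__main__":
    for pkt, state in zip(SAMPLE, classify(SAMPLE)):
        print(pkt[0], "->", pkt[1], sorted(pkt[2]), state)
```

The last three sample packets are the kind of unsolicited WAN traffic that would carry the invalid_blocked prefix; an unsolicited SYN is NEW rather than INVALID, so dropping it is a rule decision.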

  5. #5
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,187


    Thanks Jim.
    Jim.Alles likes this.
