If you see such entries dropped in your log, then you have a timed out
session. It's the reply packet that shows up in the log. If such a packet is
accepted, then your rule base should be cleaned up. (if you have a 'any'
service rule you might experience this)
Lars
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, August 13, 2001 13:46
To: [EMAIL PROTECTED]
Subject: RE: [FW1] Why is log viewer so lame ?!
I don't trust the filtering at all. Several times I have seen a line in the
log, something like:
service Source Dest S_Port
ftp hostA HostB 23312
The I have tried to filter on service=ftp. I got the message "No records
found" even if I started from the top and I knew there was several lines
like the example above.
Filtering on Source and Destination seem to work OK.
---
J�rn Yngve Dahl-Stamnes
EDB Teamco, Trondheim
[EMAIL PROTECTED]
> -----Original Message-----
> From: Lisa Lorenzin [mailto:[EMAIL PROTECTED]]
> Sent: 10. august 2001 15:43
> To: [EMAIL PROTECTED]
> Subject: Re: [FW1] Why is log viewer so lame ?!
>
>
>
> One "feature" of the log viewer is that if your display is
> showing entries towards the end of the logfile when you apply
> your selection, it will only show you selected items from
> that point on. Whenever I apply a selection, the very next
> thing I do is hit the "Return to top" button. It's amazing
> what shows up when you do that. :)
>
> Lisa
>
> Standard disclaimer: the content of this message represents
> my personal views, not those of my employer.
>
> Lisa Lorenzin
> Information Security Consultant
> [EMAIL PROTECTED]
>
> >>> <[EMAIL PROTECTED]> 08/08/2001 10:56:43 >>>
>
> 2. Selection doesn't work half the time - select items I KNOW
> are there
> but doesn't bring them up - have to search by other methods eventually
>
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
