@watt: If you don't log the traffic being dropped by the cleanup rule, how would you know which rule is dropping the traffic you intended to be accepted? You will troubleshoot not knowing where the issue is. Disk space is not a problem, as you can set how long the logs should be stored, and they will automatically be deleted to free up space.
There are two reasons I have in mind.
1st - If your actual rule base is set up correctly, all traffic hits the rules that it should. If it doesn't, you can easily check the logs, troubleshoot and see that the FW blocks traffic which normally should pass the FW. If the rule base is set up correctly, you can push this problem to your network team/storage or whoever to fix it.
2nd - By analyzing dropped packets you can see how much traffic and what type of traffic was blocked, and someone from your organization may dig deeper to draw some conclusions.
There is no logical reason for that.
If there's any problem, then I would log the traffic. If not, the mgmt server will run out of space because of non-stop incoming logs... A GW which is located between your internal and external network gets tons of packets and data.
The mgmt server won't be able to process so many logs.
Nah, 2 TB of HDD space is more than enough for logging all kinds of traffic; that's what we have in our company as well. And in case you didn't know, you can set up settings in SmartConsole to get rid of old logs as soon as your logs fill up to a certain level, which you can also change, so what you are saying makes no sense at all.
IDK, I work in 4 different environments and all of them log the cleanup rule. Usually they keep 7-30 days of logs available straight away, and the rest are archived, sent to a server and kept there for a few years in case someone would like to make a deep investigation.
Because it helps with troubleshooting. It happened to me that a rule accepting certain traffic was there in the rule base; however, it was being dropped at the cleanup rule, as visible in the logs. The issue was that the policy hadn't been installed, so the rule wasn't taking effect. It's just helpful, that's all.
With enough disk space these days, why not? You can rotate logs if needed. And it makes troubleshooting easier.
upvoted 2 times
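The troubleshooting case described in this thread (an accept rule exists in the rule base, yet the traffic shows up in the logs as dropped by the cleanup rule) is exactly what cleanup-rule logging makes visible. The following is an added example, not code from the original page or from Check Point: it evaluates each logged cleanup-rule drop against the rule base you intended to have installed and flags flows that an earlier Accept rule should have matched. The rule base, the simplified key=value log format and all log lines are constructed for this example, and the first-match matcher is a deliberately minimal model of firewall rule evaluation, not the vendor's implementation.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    name: str
    src: str       # CIDR or "Any"
    dst: str       # CIDR or "Any"
    service: str   # "<proto>/<port>" or "Any"
    action: str    # "Accept" or "Drop"

# Hypothetical intended rule base (constructed for this example). First match wins;
# the last rule is the explicit cleanup rule, which is what we want logged.
RULEBASE = [
    Rule(1, "Web out", "10.1.0.0/16", "Any", "tcp/443", "Accept"),
    Rule(2, "DNS out", "10.1.0.0/16", "10.1.0.53/32", "udp/53", "Accept"),
    Rule(3, "Cleanup rule", "Any", "Any", "Any", "Drop"),
]

# Constructed sample log lines in a simplified key=value layout (not the exact vendor format).
SAMPLE_LOGS = [
    'src=10.1.1.5 dst=203.0.113.10 proto=tcp service=443 action=Drop rule=3 rule_name="Cleanup rule"',
    'src=10.1.1.5 dst=10.1.0.53 proto=udp service=53 action=Accept rule=2 rule_name="DNS out"',
    'src=192.168.9.9 dst=203.0.113.10 proto=tcp service=22 action=Drop rule=3 rule_name="Cleanup rule"',
    'src=10.1.1.5 dst=198.51.100.7 proto=tcp service=80 action=Drop rule=3 rule_name="Cleanup rule"',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_log(line: str) -> dict:
    """Split a key=value log line into a dict, stripping quotes from quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def _match_net(pattern: str, ip: str) -> bool:
    if pattern == "Any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def _match_service(pattern: str, proto: str, port: str) -> bool:
    return pattern == "Any" or pattern == f"{proto}/{port}"

def first_match(rulebase: list, src: str, dst: str, proto: str, port: str) -> Optional[Rule]:
    """Top-down, first-match evaluation of the intended rule base."""
    for rule in rulebase:
        if _match_net(rule.src, src) and _match_net(rule.dst, dst) and _match_service(rule.service, proto, port):
            return rule
    return None

def analyse_cleanup_drops(rulebase: list, lines: list, cleanup_name: str = "Cleanup rule") -> list:
    """For every logged drop at the cleanup rule, report whether the intended rule base
    would have accepted the flow (policy not installed / rule shadowed) or dropped it anyway."""
    findings = []
    for line in lines:
        f = parse_log(line)
        if f.get("action") != "Drop" or f.get("rule_name") != cleanup_name:
            continue  # only cleanup-rule drops are interesting here
        expected = first_match(rulebase, f["src"], f["dst"], f["proto"], f["service"])
        should_accept = expected is not None and expected.action == "Accept"
        findings.append({
            "flow": f"{f['src']} -> {f['dst']} {f['proto']}/{f['service']}",
            "verdict": "should_accept" if should_accept else "expected_drop",
            "expected_rule": expected.number if expected else None,
            "expected_rule_name": expected.name if expected else None,
        })
    return findings

if __name__ == "__main__":
    for finding in analyse_cleanup_drops(RULEBASE, SAMPLE_LOGS):
        print(finding)
```

A flow reported as `should_accept` is the symptom from the thread: the gateway is enforcing something other than the rule base you are looking at (policy not pushed, or the rule is above the cleanup rule in SmartConsole but not in the installed policy), so the next check is the policy install status rather than the rule itself. Without the cleanup rule being logged, none of these drops would appear and the comparison could not be made.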
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters: LashFX (2 years ago), kambata (4 years ago), watt (4 years, 4 months ago), rr80 (4 years, 3 months ago), Wattttt (4 years, 3 months ago), kbk89 (4 years, 2 months ago), rr80 (4 years, 3 months ago), mauchi (3 years, 10 months ago), Anni_CCSA (4 years ago)