Contributor
February 8, 2006
Question

What is the easiest way to see dropped packets?

Hi. I need to see the dropped packets in real-time, to debug the FW rules. What is the best way to do so? Can I see it in the SSH interface? Will I be able to see it in the HTTPS interface of the next version? Syslog? Thanks.

    2 replies

    Contributor
    February 14, 2006
    I go to the rules for the source and destination interfaces I wish to monitor and add a final rule that always denies everything. Then I check the log function and I can then watch it in the traffic log.
    Contributor
    February 14, 2006
    Do you use a FortiLog device? I have only 2 FortiGates..
    Contributor
    February 14, 2006
    No, I just look at the logs in the web interface. I did have a syslog server running. And I had written a parser to send logs to dshield.org. But I kinda had to disable all that when we started getting tons of DDoS and portscans. It took only 6 hours to fill the hard disks of the fg3000 with logs of denied packets and attack logs.
    Contributor
    February 14, 2006
    If you have a syslog server, I think it's the best way. On a unix machine you can use "tail -f" and "grep" to help you in your debug. Buzzy
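
The `tail -f` and `grep` approach from the last reply, taken one step further into a per-flow count of denied packets. This is an added example, not part of the original thread. The field names `action`, `srcip`, `dstip` and `dstport` and the sample lines are assumptions constructed for illustration; match them to what your firewall actually sends.

```shell
#!/bin/sh
# Added example: count denied packets per flow from firewall syslog lines.
# ASSUMPTION: key=value log lines carrying action, srcip, dstip and dstport;
# field names differ between firmware versions, so adjust them to your logs.

# Reads log lines on stdin; prints "count srcip -> dstip:dstport",
# busiest flow first.
summarize_denies() {
    awk '
    function get(k) { return (k in kv) ? kv[k] : "?" }
    {
        split("", kv)                      # portable way to clear the array
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq < 2) continue           # not a key=value token
            v = substr($i, eq + 1)
            gsub(/"/, "", v)               # some devices quote the values
            kv[substr($i, 1, eq - 1)] = v
        }
        if (get("action") != "deny") next  # keep only dropped traffic
        count[get("srcip") " -> " get("dstip") ":" get("dstport")]++
    }
    END { for (f in count) printf "%d %s\n", count[f], f }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_lines() {
    cat <<'EOF'
Feb 14 10:00:01 fw1 date=2006-02-14 time=10:00:01 action=deny srcip=203.0.113.7 dstip=192.0.2.10 dstport=22 proto=6
Feb 14 10:00:02 fw1 date=2006-02-14 time=10:00:02 action=accept srcip=192.0.2.50 dstip=198.51.100.4 dstport=443 proto=6
Feb 14 10:00:03 fw1 date=2006-02-14 time=10:00:03 action="deny" srcip=203.0.113.7 dstip=192.0.2.10 dstport=22 proto=6
Feb 14 10:00:04 fw1 date=2006-02-14 time=10:00:04 action=deny srcip=198.51.100.9 dstip=192.0.2.10 dstport=3389 proto=6
EOF
}

sample_lines | summarize_denies
```

The counts are printed only when the input ends, so feed the function a finite slice of the log rather than an endless `tail -f` stream.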