Forum Discussion
2 Replies
Sort By
- natheCirrocumulus
The logging change should be immediate. Any error messages in /var/log/asm or bd.log?
Are you logging remotely? If in a HA pair, what about if you fail over to the passive device, does that log successfully?
N
- Boggs_5738Nimbostratus
check disk space. logging locally sends it to the mysql database for asm. so if its full, it'll get truncated at some point but worth to check.
check via packet capture if when an illegal request is triggered, does the event log sent to the SIEM. depends on which interface the SIEM is reachable from - either mgmt interface or a self ip.