5152 and Firewall log... Expand / Collapse
Author
Message
Posted 11/26/2019 2:55:04 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 5/8/2017 12:10:48 PM
Posts: 2, Visits: 0
I do not understand the difference between events logged as 5152 (filtering platform drop Failure) and the firewall log. For a particular machine there are hundreds of 5152 Audit Failure logs, but only a handful appear in the actual firewall log. I believe only the entires in the firewall log are acutally being dropped.
Post #8607
Posted 3/7/2020 10:50:42 AM
Junior Member

Junior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior Member

Group: Administrators
Last Login: 4/13/2009 5:07:47 PM
Posts: 20, Visits: 0
Hi,

A 5152 is generated for each blocked packet, whereas each row in the firewall log is for multiple packets. So one row in the firewall log could cover hundreds or more 5152's.
Post #8618
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 2:49pm