Forum Discussion

Renato_166638's avatar
Renato_166638
Icon for Nimbostratus rankNimbostratus
Jun 26, 2018

AFM reporting no data

Hi!

I have an AFM installation here that seems to be working very well as firewall and ddos protection, but the problem is that none of the reports are working. I have a logging profile created for all the VSs and the publisher is set as local-db-publisher everywhere.

Logs working:

Reports not working:

It is also possible to observe some javascript errors being report in console:

My logging profile:

security log profile Log_Local {
    dos-network-publisher local-db-publisher
    ip-intelligence {
        log-publisher local-db-publisher
    }
    network {
        Log_Local {
            filter {
                log-ip-errors enabled
                log-tcp-errors enabled
            }
            publisher local-db-publisher
        }
    }
    port-misuse {
        log-publisher local-db-publisher
    }
    protocol-dns-dos-publisher local-db-publisher
    protocol-inspection {
        log-publisher local-db-publisher
    }
    protocol-sip-dos-publisher local-db-publisher
    traffic-statistics {
        active-flows enabled
        log-publisher local-db-publisher
        missed-flows enabled
        reaped-flows enabled
        syncookies enabled
        syncookies-whitelist enabled
    }
}

Am I doing something wrong?

Thanks!

AFM
logs
reports
security
  • Renato_166638's avatar
    Renato_166638
    Icon for Nimbostratus rankNimbostratus
    Jun 30, 2018

    No... But it seems to be a problem in the version 13.1.0.7, as after downgrading to 13.1.0.5 they started to work. I noted also that all the reports work better with internet explorer with only minor errors. Some reports will not open in chrome or firefox.

     

  • Renato's avatar
    Renato
    Icon for Altostratus rankAltostratus
    Jul 18, 2018

    All AFM reports stop working when you add the device in BIG-IQ. As I was not able to copy the configuration while downgrading from 13.1.0.7 to 13.1.0.5, BIG-IQ lost the device trust, and that is why the reports worked in that version. I noted it after adding the device again into BIG-IQ because the reports simply stopped again. Only to be very sure about it I have upgraded it to 13.1.0.8 and, seeing that the reports were still not working, I removed the device from BIG-IQ. After that all the local AFM reports came back to life.

     

    This is not a version thing, nor even a bug. Maybe only an annoying new feature. It makes some sense considering that since 13.1, or when I started to note this behavior, it is not even possible anymore to enable local and remote logging at same time.