Log in

Sangfor Support Center

Table of Contents
< All Topics
Print

[IAG] Deployed in bypass mode, no audit logs found on IAG

Posted
Updated
Byadmin
Views2

Problem Description

No logs were audited for IAG deployed in bypass mode

Process——

  1. Check whether there is a real-time log for Internet behavior monitoring, and find that there is no log information. Check if there is a global exclusion and find that there is no global exclusion

    502085be7eca1061cf.png (20.73 KB)

    811825be7ecbcb6cac.png (13.46 KB)
  2. Open the packet capture tool on the IAG device to capture all the data packets on the mirror port. About 10,000 data packets will be enough.

    147785be7ed5daf5bf.png (18.3 KB)
  3. Use wireshark to open the data packet and find that it is a problem with the mirrored traffic: the mirrored traffic is all ARP and DHCP packets, so it is a problem with the switch mirrored traffic.

    379515be7edcbaa415.png (59.95 KB)
  4. Find the switch to identify the mirrored traffic problem and solve it

solution

The problem is that the switch mirrors the traffic. Let the switch mirror the correct traffic.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6603&isOpen=true