[AF] The attack trend before 3 months Medium AF export Report is 0
Problem Description
The customer exported a comprehensive risk report from AF in early April and found that the number of attacks before January was zero, but the number of attacks starting in February suddenly increased a lot, and needed assistance in analyzing the cause.
Effective troubleshooting steps
- Check the Security Logs of the device. There is a Security Logs in January. The number of attacks Medium the normal Report should not be 0.
- Confirm with R&D that the attack trend of the device background is only retained for 3 months, and the data before 3 months will be cleared. It is normal to see that Report in April is empty for January.
- Confirm with the customer and Obtain the report exported in March to check that the attack trend in January is normal and has data.
Root cause
The attack trend data saved after the AF device is enabled is only retained for 3 months, and the previous data will be cleared. The exported Report will count the data Statistics less than 3 months and display it as zero.
solution
Device mechanism, communicate and explain with customers, and Obtain previously exported Report to verify the solution.
Suggestions and Conclusion
- The device Report is related to the intermediate table of the device itself. The Report attack data can only be exported for one month because the intermediate table of the device itself is only retained for one month.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=1545&isOpen=true