Syslog is not consistently triggered by the firewall when accessing websites

Description

This article describes a solution for the scenario in which the firewall Syslog settings are configured to send message id 97 (Syslog website accessed) to a Syslog server, but the event is triggered inconsistently (some website accesses are logged and others are not) even though the settings are configured correctly.


Cause

This is caused by CFS Fast Scan being enabled, which scans only the first HTTP request inside one connection if possible.

Resolution

To generate all the Syslog events, you will need to disable the CFS Fast Scan option from the diag page.



NOTE: Please be aware that this may cause extra CPU utilization, as requests will no longer be bypassed by Fast Scan, and it will also generate more Syslog events.
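
A check for the resolution above, as an added example that is not part of the original article: it counts message id 97 events per connection in exported syslog text, so you can confirm that connections carrying several requests now produce several events. The key=value line layout, the src/dst fields with ip:port:interface values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed key=value layout, not captured from a device).
SAMPLE = '''\
id=firewall time="2024-01-01 10:00:00" m=97 msg="Website accessed" src=192.168.1.10:51000:X0 dst=203.0.113.5:80:X1 arg=/
id=firewall time="2024-01-01 10:00:01" m=97 msg="Website accessed" src=192.168.1.10:51000:X0 dst=203.0.113.5:80:X1 arg=/a.css
id=firewall time="2024-01-01 10:00:02" m=0 msg="constructed unrelated event" src=192.168.1.10:51000:X0 dst=203.0.113.5:80:X1
id=firewall time="2024-01-01 10:00:03" m=97 msg="Website accessed" src=192.168.1.11:52000:X0 dst=203.0.113.5:80:X1 arg=/
line without any fields
'''

# key=value pairs; values are either quoted strings or runs of non-space characters
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Turn one key=value syslog line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def hits_per_connection(lines, msg_id="97"):
    """Count events with the given message id per (src ip:port, dst ip:port)."""
    counts = Counter()
    for line in lines:
        f = parse(line)
        if f.get("m") != msg_id or "src" not in f or "dst" not in f:
            continue
        # ip:port on both sides identifies the connection; drop the interface suffix
        key = tuple(":".join(f[side].split(":")[:2]) for side in ("src", "dst"))
        counts[key] += 1
    return counts


def summarize(counts):
    """Connections seen, total events, and connections with more than one event."""
    multi = sum(1 for n in counts.values() if n > 1)
    return {"connections": len(counts),
            "events": sum(counts.values()),
            "multi_hit_connections": multi}


if __name__ == "__main__":
    print(summarize(hits_per_connection(SAMPLE.splitlines())))
```

If test browsing sent several requests over one connection and multi_hit_connections stays at 0, only the first request per connection is still being logged.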
