Searching logs for "geo_src" produces no results

In Dimension (2.1.2 U2) I wanted to get an idea of what geo locations were being blocked, and I wanted to search on the phrase "geo_src" in the Log Search. I select ALL to search and enter ANY of these words = geo_src as the search, but I'm not getting any results.

I see the phrase in the lines displayed in FSM Traffic Monitor and I am able to filter by that phrase.

Where do I turn the logging on for the Geo blocked data (FB M370 running 12.5.1.B)?

Thanks,
Craig

Best Answer

  • Answer ✓

    This has been fixed in the latest update and searching geo_src now produces results. Thanks Watchguard!

    Dimension Update v2.1.2 Update 3 -- 9 January 2020

    Resolved Issues in Dimension v2.1.2 Update 3
    -Logging and Reporting
    --Geolocation data is now correctly included in Log Search results. [FBX-17970]

Answers

  • Search for geolocation. It works for me

    My Traffic Monitor and Dimension logs show a Deny log message with:
    Firebox blocked sites (geolocation source)
    in the log message.

  • Dimension needs "geolocation source" to find just the source, or "geolocation destination" to find only the destination, or as Bruce noted, just "geolocation" which will show both.

    I'm with you, though. I expected it to show the same way FSM traffic monitor shows it as "geo_src".

    Gregg Hill

  • I do see the logged denies when searching with the term geolocation, but the logged lines do not show the country code. I am trying to easily see what countries are being blocked.

  • Interestingly "geo_src" and "geo_dst" are shown in logs shown in Dimension Log Manager - so you could find the time of interest in Log Search and then use Log Manager to see the full log message. Not easy, but possible.

    Also, in WG Cloud, "geo_src" and "geo_dst" are shown from a search - but one can't search for geolocation.
    However, do a search for blocked* and you will see all blocked sites denies, which will include those for geolocation blocks.

    I have created a discussion on Product Enhancements for these 2 search issues.

  • Thanks Bruce. I guess I could export in the Manager and then extract the data from there. Yes, it seems the logged line format/content is different between the Manager and the Search in Dimension (on prem). Hopefully your discussion will result in some new enhancements that will make the search more robust.
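One way to do the export-and-extract workaround Craig describes, as an added example that is not from this thread or from WatchGuard: a small Python parser that reads exported Log Manager lines, keeps only the geolocation-block denies, and tallies them by country. The line layout and field names used below (a free-text `msg` followed by `geo_src=`/`geo_dst=` key/value pairs) are constructed sample data, not a verified Firebox export format, so adjust the regex and the message test to match what your export actually contains.

```python
import re
from collections import Counter

# Constructed sample of exported Log Manager lines. The layout (timestamp,
# action, addresses, msg="...", then key=value fields) is an assumption for
# illustration only; inspect a real export and adapt KV_RE to match it.
SAMPLE_EXPORT = """\
2020-01-10 08:15:02 Deny 203.0.113.7 10.0.1.5 msg="Firebox blocked sites (geolocation source)" geo_src=CN geo_dst=US
2020-01-10 08:15:09 Deny 10.0.1.9 198.51.100.22 msg="Firebox blocked sites (geolocation destination)" geo_src=US geo_dst=RU
2020-01-10 08:16:30 Deny 203.0.113.55 10.0.1.5 msg="Firebox blocked sites (geolocation source)" geo_src=CN geo_dst=US
2020-01-10 08:17:01 Allow 192.0.2.4 10.0.1.5 msg="HTTP request" geo_src=DE geo_dst=US
2020-01-10 08:18:44 Deny 198.51.100.90 10.0.1.5 msg="blocked sites" geo_src=BR geo_dst=US
"""

# Matches key=value or key="quoted value" pairs anywhere in a line.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Return a dict of the key/value fields found in one exported line."""
    fields = {}
    for key, raw, quoted in KV_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def geo_block_counts(text):
    """Count geolocation-block denies by source and by destination country.

    Only lines whose msg names a geolocation block are counted, so plain
    "blocked sites" denies and allowed traffic that merely carry a country
    code are ignored. Returns a (by_source, by_destination) pair of Counters.
    """
    by_src, by_dst = Counter(), Counter()
    for line in text.splitlines():
        f = parse_line(line)
        msg = f.get("msg", "")
        if "geolocation source" in msg and "geo_src" in f:
            by_src[f["geo_src"]] += 1
        elif "geolocation destination" in msg and "geo_dst" in f:
            by_dst[f["geo_dst"]] += 1
    return by_src, by_dst


if __name__ == "__main__":
    src, dst = geo_block_counts(SAMPLE_EXPORT)
    print("blocked by source country:", dict(src))
    print("blocked by destination country:", dict(dst))
```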
