Can't view log if enable troubleshoot blocked traffic with active blocked traffic

Discussion in 'ESET Smart Security' started by red_jack, Jun 23, 2009.

Thread Status:
Not open for further replies.
  1. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    Is there a way to change how the log viewer reacts to changes or new entries in the log?
    If the troubleshoot option is enabled to log blocked packets, you cannot open the log for viewing when new entries are being logged. As the log is being parsed it is interrupted (I assume this is from a new log entry). During this time the log viewer is looped in reloading the log. You click cancel and it defaults to load the current log selection, which is the one causing the loop. To cancel you must be very quick to change which log to show after you click cancel. When that screen is active you cannot select anything else, and it is set on top of all other active windows. **If that sounds confusing, I will try a screen recorder to show what is going on.** If the firewall module is stopped, you can view the log. If the troubleshooting is not enabled, you can view the log. But when you have it enabled and, in my case, a rule like block UPnP traffic, the log is filling quickly and is constantly reloading to show the new blocked entry. There is a UPnP media player on the network, so the packets are sent very often, filling up the log along with blocked bridge traffic broadcast from the FIOS network. When the new entry is added the log is reloaded. I assume this would be the same situation if you were being attacked by several packets and this was enabled. It is almost like a software DDoS to make changes to ESS when the log is being viewed.
    So is there a way to disable the constant reloading of the log view? Or is there an external log viewer available?

    Thanks
    jack
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I have noticed that too when troubleshooting. I think it is a minor bug and a way to self-DDoS ;)
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Leave the logging of blocked connections enabled for the time necessary to replicate the problem, then disable it and eventually have a look at the firewall log for details about blocked connections.
     
  4. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    Thanks for the reply. Sure I can go that route. I would rather be able to prevent the reloading over and over. If I am troubleshooting for a certain entry, I would rather manually refresh the log. All those entries turn into a very large log file which takes a few seconds to parse.
    However, I would think this would be a problem for any user that was currently getting attacks that were being logged without that troubleshoot option enabled. Or not o_O
    If it refreshes every time an entry is added, how can you view the log if it is constantly reloading the whole log file for each attack entry? Every time it reloads, it clears my current view, pops up a msg box telling me it is loading the log file, finishes, flashes the screen with entries then clears it, repeating the process. Click Cancel, returning control back to the main window but that window is still trying to read the event log which repeats the whole process. If I am getting attacks the last thing I want to deal with is being stuck in a loop trying to read the log file of the attacks. If you click Cancel it should not loop back and restart the process... Reloading the entire log file for a new event seems a bit extreme on the resources. If there is no option to prevent the auto load log file, please pass it on to the dev team to add something or prevent the looping process. Any external viewer capable of viewing new events on the fly with pause would be much nicer...
    Thanks again...
    jack
     