IPv6 addresses in logs are hidden or cut [solved]

FrankLauer
FrankLauer Posts: 50  Ally Member
First Comment First Answer Friend Collector Fourth Anniversary
edited April 2021 in Security
When I receive mail log the IPv6 address is always cut to about 20 chars.
Like that I can't identify the source of problems. I can't see the full address nor ports.
1&nbsp;&nbsp;&nbsp; 2021-02-08 09:26:58 2a01:****:****:9a50:61 2600:****:5306:7300:: <br>&nbsp;&nbsp;&nbsp;&nbsp; warn&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sessions-limit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCESS BLOCK&nbsp;&nbsp;&nbsp;&nbsp; 

When I open a log file from USB stick, the IPv6 address is empty at all.
2021-02-08 09:26:58,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp; warn&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,sessions-limit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,ACCESS BLOCK&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp; vlan50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp; Maximum sessions per host6 (2000) was exceeded.<br>

Is this a bug or can I change any settings?

Accepted Solution

All Replies

  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary
    edited February 2021
    Well, this forum doesn't let me insert plain text very well.

    Here again the log lines from mail and USB stick.


    1    2021-02-08 09:26:58 2a01:****:****:9a50:61 2600:****:5306:7300::
         warn                sessions-limit         ACCESS BLOCK    


    2021-02-08 09:26:58,                      ,                     ,     warn               ,sessions-limit        ,ACCESS BLOCK         ,     vlan50             ,                      ,                     ,     Maximum sessions per host6 (2000) was exceeded.



  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary
    edited February 2021
    Thanks for reply, but the question was how to show the full IPv6 addresses in logs.
    In log mails they are cut, on USB stick they are hidden (blank) at all.

    Additionally I saw today that in the traffic log files the IPv6 traffic is missing at all.
  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
    HI Frank,

    it maybe GDPR related, due to some logs may (during initial Phase) are half anonymous.

    Can I create a Support Ticket on that for you? 

    Our Team will look into solution for you then. Let me know if I can use your mail address.

    Thanks.

    Kind Regards,

    Tobias
  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary
    edited February 2021
    Please open a support ticket. 
    The IPv4 addresses are also fully visible. In a security device GDPR shouldn't have priority. Common practice is to offer a setting which allows different options to save addresses (hidden,limited,full).
    But as I just added in above comment, in traffic log (on USB stick) I miss IPv6 traffic at all.

  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
    Hi @FrankLauer

    Thanks, someone from our Support Team will contact you soon to figure it out.

    Kind Regards,

    Tobias
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    You can upgrade to V4.62WK02 firmware and to see if this symptom still appears.
    Thanks.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary
    edited February 2021
    I managed to upgrade today to 4.62(AAPI.0) on the USG210.
    But still no difference.

    Mail log:
    128  2021-02-21 09:38:22 2001:16b8:xxxx:1600:c29:2e06:db05:8d60: 2a01:xxxx:xxxx:9a50::65:443             
         alert               secure-policy          ACCESS BLOCK                                    
         Match default rule, DROP

    - On the first IPv6 address the port is missing because the string size is limited.

    System log on USB:
    2021-02-21 09:38:22,                      ,                     ,     alert              ,secure-policy         ,ACCESS BLOCK         ,     wan1               ,wan1                  ,tcp                  ,     Match default rule, DROP

    - The IPv6 addresses are missing completely.




  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,249  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @FrankLauer

    The current release had fixed it.

    You can download this version from here.

    Thanks.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary
    Today I installed the firmware V4.62(AAPI.0)ITS-WK02-r98140 and as far as I can see, it's fixed. Thank you very much.

Security Highlight