IPv6 addresses in logs are hidden or cut [solved]

Options
FrankLauer
FrankLauer Posts: 48  Freshman Member
First Anniversary 10 Comments Friend Collector First Answer
edited April 2021 in Security
When I receive mail log the IPv6 address is always cut to about 20 chars.
Like that I can't identify the source of problems. I can't see the full address nor ports.
1&nbsp;&nbsp;&nbsp; 2021-02-08 09:26:58 2a01:****:****:9a50:61 2600:****:5306:7300:: <br>&nbsp;&nbsp;&nbsp;&nbsp; warn&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sessions-limit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ACCESS BLOCK&nbsp;&nbsp;&nbsp;&nbsp; 

When I open a log file from USB stick, the IPv6 address is empty at all.
2021-02-08 09:26:58,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp; warn&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,sessions-limit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,ACCESS BLOCK&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp; vlan50&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ,&nbsp;&nbsp;&nbsp;&nbsp; Maximum sessions per host6 (2000) was exceeded.<br>

Is this a bug or can I change any settings?

Accepted Solution

All Replies

  • FrankLauer
    FrankLauer Posts: 48  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Options
    Well, this forum doesn't let me insert plain text very well.

    Here again the log lines from mail and USB stick.


    1    2021-02-08 09:26:58 2a01:****:****:9a50:61 2600:****:5306:7300::
         warn                sessions-limit         ACCESS BLOCK    


    2021-02-08 09:26:58,                      ,                     ,     warn               ,sessions-limit        ,ACCESS BLOCK         ,     vlan50             ,                      ,                     ,     Maximum sessions per host6 (2000) was exceeded.



  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options
  • FrankLauer
    FrankLauer Posts: 48  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Options
    Thanks for reply, but the question was how to show the full IPv6 addresses in logs.
    In log mails they are cut, on USB stick they are hidden (blank) at all.

    Additionally I saw today that in the traffic log files the IPv6 traffic is missing at all.
  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options
    HI Frank,

    it maybe GDPR related, due to some logs may (during initial Phase) are half anonymous.

    Can I create a Support Ticket on that for you? 

    Our Team will look into solution for you then. Let me know if I can use your mail address.

    Thanks.

    Kind Regards,

    Tobias
  • FrankLauer
    FrankLauer Posts: 48  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Options
    Please open a support ticket. 
    The IPv4 addresses are also fully visible. In a security device GDPR shouldn't have priority. Common practice is to offer a setting which allows different options to save addresses (hidden,limited,full).
    But as I just added in above comment, in traffic log (on USB stick) I miss IPv6 traffic at all.

  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options
    Hi @FrankLauer

    Thanks, someone from our Support Team will contact you soon to figure it out.

    Kind Regards,

    Tobias
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,073  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    You can upgrade to V4.62WK02 firmware and to see if this symptom still appears.
    Thanks.

  • FrankLauer
    FrankLauer Posts: 48  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Options
    I managed to upgrade today to 4.62(AAPI.0) on the USG210.
    But still no difference.

    Mail log:
    128  2021-02-21 09:38:22 2001:16b8:xxxx:1600:c29:2e06:db05:8d60: 2a01:xxxx:xxxx:9a50::65:443             
         alert               secure-policy          ACCESS BLOCK                                    
         Match default rule, DROP

    - On the first IPv6 address the port is missing because the string size is limited.

    System log on USB:
    2021-02-21 09:38:22,                      ,                     ,     alert              ,secure-policy         ,ACCESS BLOCK         ,     wan1               ,wan1                  ,tcp                  ,     Match default rule, DROP

    - The IPv6 addresses are missing completely.




  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,073  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @FrankLauer

    The current release had fixed it.

    You can download this version from here.

    Thanks.
  • FrankLauer
    FrankLauer Posts: 48  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Today I installed the firmware V4.62(AAPI.0)ITS-WK02-r98140 and as far as I can see, it's fixed. Thank you very much.

Security Highlight