Exam N10-008 topic 1 question 232 discussion

The correct answer is A. Adjust the proper logging level on the new firewall. If the firewall has been manually reconfigured, it's possible that the logging level has been changed or disabled, which could explain why connection events are no longer being generated. The technician should check the logging configuration on the firewall and adjust it as necessary to ensure that the desired events are being logged.

Option B, tune the filter for logging the severity level on the syslog server, is not a valid solution to the problem described. The syslog server is responsible for receiving and storing log messages, not generating them. Option C, activating NetFlow traffic between the syslog server and the firewall, is also not a valid solution to the problem. NetFlow is a network protocol used to collect and analyze network traffic data, and has nothing to do with logging or generating log messages. Option D, restarting the SNMP service running on the syslog server, is also not a valid solution. SNMP (Simple Network Management Protocol) is a protocol used for managing and monitoring network devices, and has no bearing on the generation of log messages.

The question states that he is reconfiguring a firewall, so how can the correct answer be adjust proper logging on the NEW firewall when it's the same one?

NetFlow Analyzers allow network administrators to understand the impact of application traffic on the network. For instance, they can identify unusual network loads, such as video content or large file transfers, and measure how application and policy changes affect costly WAN/SD-WAN traffic.

Syslog can be configured to show logs at certain thresholds of severity from 7 (Debugging) to 0 (Emergency). If not set properly, you could miss certain logs/notifications that would have otherwise been important.

B. Tune the filter for logging the severity level on the syslog server. If certain connection events that were previously sent to a syslog server are no longer being generated by the firewall after a manual reconfiguration, it's likely that the severity level or filter settings for those events on the syslog server were affected. You should adjust the filtering settings on the syslog server to ensure it captures the appropriate log events from the firewall. This will help reestablish the logging of the required events without having to modify the firewall's configuration.

B: Reason: the severe problem has been solved and the fw (old one, so no new one as stated under A) does not report those issues anymore. Hence, if the tech wants to see lower grade reports, he has to modify the filter on the syslog server. C: AFAIK Netflow data insertion into syslog needs a converter and this happens on the syslog server (correct me, if I am wrong) D: The question states, the fw does not generate the messages anymore, so restarting the daemon on the syslog server makes no sense.

If the syslog server is no longer receiving previous messages from the firewall after changes were done to the firewall, I think it makes more sense to adjust something on the firewall so those messages get sent to the syslog server again.

Hard to say, but first thing i would note on wbear's answer is that it's not a router he configured, it's a firewall. It said he manually reconfigured it so I think it is a "new" firewall in the sense that it has a different configuration, rather than being new in the sense that we might expect as in " fresh out of the box". Most firewalls are software after all. For me, Answers B, C, D lean towards an issue with the syslog server which has not been changed according to the information given in the question. I think the answer given (A) is simply implying they have made a mistake whilst manually configuring the firewall (which is easily done) and so they need to rectify that mistake.

leaning towards. B in this case, some logging is taken place, just not all as before, this is not a new router it was a manual reconfiguration, same, device, same connections.

A indicates it's a new firewall when the question doesn't State anything about a new firewall wouldn't that be the wrong answer then?