Network monitor blocking invisibly [Resolved]

I’m running a syslog server on my system. It simply receives log messages on UDP port 514. Comodo’s Network Monitor seems to be blocking it, but does not log the block in any way. If I turn off the network monitor, then I start getting the logs no problem. To debug this, I have set every one of my rules to log an alert when activated and rule #0 is,
Allow & Log IP In/Out from Any Source to Any Destination WHERE IPPROTO IS ANY

In my understanding, this should allow all TCP/UDP traffic on all ports. Is there an aspect of the Network Monitor beyond these rules?

Any ideas?

Hi Taranli Maren, welcome to the forum.

I find it a little strange that you are not seeing any events in the logs related to this issue. Have you confirmed you are capturing events from all security monitors? (Activity/Logs/ - Right click in the log window and ensure ‘Log events from’ has all four options ticked.)

One point, I find it easier to track down problems by having separate IN and OUT rules in Network Monitor.

Toggie

Thanks for the response.

I checked the menu you mentioned, all four boxes are checked.

Normally I would agree with you about having separate in and out rules. I set rule 0 to allow all in and out in order to prove to myself that my other rules could not have been causing any problem. I have attached a screenshot of my desired set of rules.

[attachment deleted by admin]

Any chance you could post the detail from your log files? Use the information here: “Important - Please read before posting” for instructions.

Toggie

Here is the information it requested in the thread you linked.

Comodo Firewall Pro Version 2.4.18.184
Cable connection through a router
Windows 2000 w/ latest service pack
Logged in as Administrator
NOD32 loaded as Antivirus, no other security software
I previously used ZoneAlarm free, but it was a very long time ago. I have been using Comodo with minimal trouble for about 6 months.

And the logs are attached. I know there were several attempts to send to my syslog server during this time.

[attachment deleted by admin]

Just remind me, on which device is the syslog sender running and on which device is the syslog daemon running?

The syslog daemon is running on this system, 192.168.0.102; the client is on a Cisco ASA5505 whose IP address is not in the log (hence the trouble).

I have uninstalled and reinstalled the software and it appears to work. The syslog messages are showing up in the log, as well as a large number of UPnP messages from my router which weren’t displaying before.

Thanks for your help Toggie :) Now I just have to fix a totally unrelated FTP server issue. lol, when it rains it pours.

Amazing what a reboot can do :) I’m glad that’s working for you now. I’ll mark this topic closed. If you need it re-opened, just PM a Mod.