[northlandboy]

Well, yeah, you're not going to see anything in Tracker if it's not logging...

Try running tcpdump on the IPSO box for a while, looking for tcp/257 going from the firewall to the management server.

Also take a look at the contents of $FWDIR/log. fw.log should be growing if it's now logging locally.

I have sometimes seen logging get a bit messed up and require a restart on the module - normally they just detect that the log server is back up and deal with it. Occasionally they don't seem to properly deal with it though. If it's practical, you might like to try a stop/start on the module. You shouldn't _have_ to do that, but sometimes it seems to be required.

Given that you've already pushed policy, it's reasonable to assume that it's not a SIC-related issue - nor should it be. You could try running fw log at the command line on the module, to get it to convert the logs into human-readable format on the command line, so you can doublecheck there's nothing odd in there, like changed anti-spoofing. Again, since you've been able to push policy, that shouldn't be an issue.

Also, from the module, can you telnet to the management server on port 257, just to doublecheck that everything is cool at a routing level?