Packet Discard Logs in Syslog Format

The FW can output packet discard information in syslog format to log hosts.

If a packet is discarded, the FW can output the packet information and discard cause to a log host. The packet discard cause may be session table mismatching, failure to match any security policy, or default packet filtering. Packet discard logs contain the following types:

Logs on packets discarded by security policies: If a packet matches the deny action of a security policy, the firewall discards the packet and outputs log information.
Logs on packets discarded by default packet filtering: If a packet matches the deny action of default packet filtering, the firewall discards the packet and outputs log information.
Logs on packets discarded due to session match failures: If a non-first packet fails to match the session table of the firewall, the firewall discards the packet and outputs log information.
Logs on packets discarded due to other causes.

Packet discard logs are supported for both IPv4 and IPv6 traffic. The FW directly outputs the generated packet discard logs to the log server through an independent channel.

Packet discard logs are classified into syslogs and binary logs. The packet discard log format is determined by the session log format. When the session log format is syslog, the packet discard log format is syslog. When the session log format is binary, the packet discard log format is binary. When the session log format is netflow, the packet discard logs cannot be generated. This section describes the content of packet discard logs in syslog format. You can view packet discard information based on a security policy in binary packet discard logs. For configuration details, see Configuring the Enhanced Session Log Function > Viewing Key Information About Packet Discard Logs in Session Logs. After the configuration is complete, you can view binary session logs on the log server eLog.