policy logging (security policy rule view)
Function
The policy logging command enables the function of logging the traffic that matches the security policy rule.
The undo policy logging command disables the function of logging of the traffic that matches the security policy rule.
Usage Guidelines
By default, the function is disabled.
The policy logging command enables the function of logging traffic that matches a specific security. It takes effect only after the log type policy enable command is executed. Policy matching logs are stored in disks and can be displayed on the web UI (). If no disk is available, you can view these logs on the eSight to which the FW connects.
Configuration Impact
For policy matching logs in dataflow format, the device performs rate limiting based on the default specification. Details about the default specification are as follows:
- USG6510E/6510E-POE/6530E: 150
- USG6515E/6550E/6560E/6580E: 450
- USG6525E/6555E/6565E/6575E-B/6585E/6605E-B: 450
- USG6610E/6620E: 1500
- USG6615E/6625E: 1500
- USG6635E/6655E: 1500
- USG6630E/6650E: 1500
- USG6680E and USG6712E/6716E: 1500
Note that you cannot modify the specification. That is, the device can only perform rate limiting based on the default specification.
- For policy matching logs in syslog format, you can run the policy syslog rate-limit command to configure a specific limiting rate.
After the policy logging command is delivered and policy matching logs in syslog format are generated, the device sends policy matching logs to the information center at a rate of 1 log per second.