The traffic logging enable command enables the logging of traffic that matches a security policy rule.
The traffic logging disable command disables the logging of traffic that matches a security policy rule.
The default traffic logging setting for security policy rules is undo traffic logging, meaning that traffic logging is controlled by the log type traffic enable command, which apply to all security policies, including the default security policy. When the log type traffic enable command is executed, traffic that matches any traffic (including the default) is logged.
A large number of traffic logs may be generated by the FW. When the log storage space is exhausted, the oldest logs will be overwritten. To prevent the log storage space from being quickly exhausted, the FW allows you to enable or disable traffic logging for a security policy to control the logging scope in a refined manner.