By default, the firewall forwards All Logs of
the type for which you add the match list profile. To forward a
subset of the logs, open the drop-down and select an existing filter
or select Filter Builder to add a new filter.
For each query in a new filter, specify the following fields and Add the
query: Connector—Select the connector
logic (AND/OR) for the query. Select Negate if
you want to apply negation to the logic. For example, to avoid forwarding
logs from an untrusted zone, select Negate,
select Zone as the Attribute, select equal as
the Operator, and enter the name of the untrusted Zone in the Value
column. Attribute—Select a log attribute.
The available attributes vary by log type. Operator—Select the criterion to determine
whether the attribute applies (such as equal).
The available criteria vary by the log type. Value—Specify the attribute value
to match.
To display or export
the
logs that the filter matches, select View Filtered Logs.
This tab provides the same options as the Monitoring tab
pages (such as ).
Set the filter to forward logs for all
event severity levels (the default filter is All Logs). To
create separate log forwarding methods for different severity levels, specify
one or more severity levels in the Filter,
configure a Forward Method, and then repeat
the process for the rest of the severity levels.
|