11-11-2010 11:58 PM
On a T640 I have made a firewall filter, with on some terms logging.
I can see the hits on the router with show firewall log detail.
But when I tried to send this to a syslog server, it won't work.
Other messages that send to the syslog do work.
Also the messages don't go to a file.
set system syslog host 10.11.7.3 firewall any
set system syslog file firewall firewall any
set system syslog file firewall archive size 1m
set system syslog file firewall archive files 1
set firewall filter wan-in term drop then count smtp-drop
set firewall filter wan-in term drop then log
set firewall filter wan-in term drop then sample
set firewall filter wan-in term drop then reject
11-12-2010 11:11 AM
Try changing your log action to syslog. The log action only logs the packet header to a buffer in the pfe. If you are not doing traffic sampling, you can also remove the sample action. This is not required to send the output to syslog.
Also note that specifying multiple terminating actions can cause some of the actions to not be processed. Log and reject are both terminating actions.
Here is a link you might find helpful.