I'm attempting to log deny hits on the firewall filter that I have applied to the loopback. Below are the relevant lines from the config:
set system syslog file firewall firewall any
set firewall family inet filter PROTECT_RE_V4 term DEFAULT_DENY then count DEFAULT_DENY
set firewall family inet filter PROTECT_RE_V4 term DEFAULT_DENY then log
set firewall family inet filter PROTECT_RE_V4 term DEFAULT_DENY then syslog
set firewall family inet filter PROTECT_RE_V4 term DEFAULT_DENY then discard
The DEFAULT_DENY hit counter is increasing and there are logs in the buffer:
switch> show firewall log
Log :
Time      Filter         Action  Interface  Protocol  Src Addr     Dest Addr
06:34:00  PROTECT_RE_V4  D       vme.0      TCP       10.1.234.2   10.1.3.21
06:33:56  PROTECT_RE_V4  D       vme.0      TCP       10.1.234.2   10.1.3.21
06:33:54  PROTECT_RE_V4  D       vme.0      TCP       10.1.234.2   10.1.3.21
However, the "firewall" log file in /var/log/ remains empty.
switch> file list /var/log/ detail | match firewall
-rw-rw---- 1 root wheel 0 Sep 11 10:34 firewall
Am I missing something?
Thanks,
-Brian
------------------------------
BRIAN LEHIGH
------------------------------
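As an added example (not part of Brian's post and not Juniper tooling), the following Python script parses the `show firewall log` buffer output in the column order shown above, counts discard hits per source/destination/protocol, and flags any source that trips a deny threshold inside a short window. The PFE log buffer is what the `then log` action fills, so this lets you review denies against the loopback filter even while the syslog file is empty. The three post lines are reused as sample input; the two extra sample lines, the threshold and the window size are constructed assumptions.

```python
"""Parse Junos `show firewall log` output and summarise discarded traffic.

Added example, not from the original post or from Juniper. It assumes the
column order visible in the post:
    Time  Filter  Action  Interface  Protocol  Src Addr  Dest Addr
and that each entry fits on one line with whitespace-separated fields.
"""
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Action codes used in the Action column of `show firewall log`.
ACTIONS = {"A": "accept", "D": "discard", "R": "reject"}

# Constructed sample: the first three entries are the ones in the post,
# the last two are made up to show a second denied source and an accept.
SAMPLE = """\
switch> show firewall log
Log :
Time      Filter         Action  Interface  Protocol  Src Addr     Dest Addr
06:34:00  PROTECT_RE_V4  D       vme.0      TCP       10.1.234.2   10.1.3.21
06:33:56  PROTECT_RE_V4  D       vme.0      TCP       10.1.234.2   10.1.3.21
06:33:54  PROTECT_RE_V4  D       vme.0      TCP       10.1.234.2   10.1.3.21
06:33:51  PROTECT_RE_V4  D       vme.0      UDP       192.0.2.9    10.1.3.21
06:33:40  PROTECT_RE_V4  A       vme.0      TCP       10.1.3.100   10.1.3.21
"""


@dataclass(frozen=True)
class LogEntry:
    time: datetime  # hh:mm:ss only; the buffer carries no date
    filter_name: str
    action: str
    interface: str
    protocol: str
    src: str
    dst: str


def parse_firewall_log(text: str) -> list[LogEntry]:
    """Return the entries in buffer order (newest first, as Junos prints them)."""
    entries: list[LogEntry] = []
    for raw in text.splitlines():
        parts = raw.split()
        # Prompt, "Log :", the header and blank lines do not have 7 fields.
        if len(parts) != 7:
            continue
        try:
            when = datetime.strptime(parts[0], "%H:%M:%S")
        except ValueError:
            continue  # not an entry line
        filt, action, ifc, proto, src, dst = parts[1:]
        entries.append(LogEntry(when, filt, action, ifc, proto, src, dst))
    return entries


def denied_by_source(entries: list[LogEntry]) -> Counter:
    """Count discard (D) hits keyed by (src, dst, protocol)."""
    return Counter(
        (e.src, e.dst, e.protocol) for e in entries if e.action == "D"
    )


def bursty_sources(entries: list[LogEntry], threshold: int,
                   window_seconds: int) -> list[str]:
    """Sources with at least `threshold` discards inside any window of
    `window_seconds`. Times wrap at midnight (no date in the buffer), so
    entries spanning midnight would need a date added by the caller."""
    by_src: dict[str, list[datetime]] = defaultdict(list)
    for e in entries:
        if e.action == "D":
            by_src[e.src].append(e.time)
    flagged = []
    for src, times in by_src.items():
        times.sort()
        j = 0
        for i, t in enumerate(times):
            # Slide the window start forward until it fits.
            while (t - times[j]).total_seconds() > window_seconds:
                j += 1
            if i - j + 1 >= threshold:
                flagged.append(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    log = parse_firewall_log(SAMPLE)
    for (src, dst, proto), n in denied_by_source(log).most_common():
        print(f"{n:4d}  {proto:<4} {src} -> {dst}")
    # Threshold and window are assumed values for illustration.
    print("bursty:", bursty_sources(log, threshold=3, window_seconds=10))
```

Paste the output of `show firewall log` into `SAMPLE` (or read it from a file) and the summary shows which sources the DEFAULT_DENY term is dropping and how fast; the same parser works on the `file show /var/log/firewall` lines once the syslog path is producing them, provided the fields are split the same way.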