I am trying to filter out all inbound deny syslog that the firewall is sending.
I have a props.conf like this:
[srx_log]
TRANSFORMS-srxDrop = srxDropDeny
I have a transforms.conf like this:
##############################
# Drop Firewall inbound deny
###############################
[srxDropDeny]
REGEX = (RT\_FLOW\_SESSION\_DENY.+source-zone-name\=\"untrust\")
DEST_KEY = queue
FORMAT = nullQueue
I can see that the logs are not being dropped.
How do I ..... Or where do I look to see why this is not working? Is there an internal log that tracks the transforms and props activity? Is there a log file that tracks whether or not a filter is working?
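An offline check of the REGEX from the `[srxDropDeny]` stanza above, added here as an example and not part of the original post: it shows which raw events the pattern would send to `nullQueue`. The sample events are constructed, `route` and `route_all` are hypothetical helpers, and Python's `re` module stands in for Splunk's PCRE engine (the two agree for this pattern).

```python
import re

# REGEX value copied verbatim from the [srxDropDeny] stanza in the post.
SRX_DROP_DENY = r'(RT\_FLOW\_SESSION\_DENY.+source-zone-name\=\"untrust\")'

# Constructed sample events (not real firewall output).
SAMPLE_EVENTS = {
    # Deny with key="value" fields, traffic entering from untrust.
    "inbound_deny": (
        'fw01 RT_FLOW - RT_FLOW_SESSION_DENY [source-address="203.0.113.7" '
        'destination-address="192.0.2.10" policy-name="deny-all" '
        'source-zone-name="untrust" destination-zone-name="trust"]'
    ),
    # Deny in the other direction: "untrust" appears only as destination zone.
    "outbound_deny": (
        'fw01 RT_FLOW - RT_FLOW_SESSION_DENY [source-address="192.0.2.10" '
        'destination-address="203.0.113.7" policy-name="deny-all" '
        'source-zone-name="trust" destination-zone-name="untrust"]'
    ),
    # Permitted session from untrust: right zone, wrong event tag.
    "inbound_create": (
        'fw01 RT_FLOW - RT_FLOW_SESSION_CREATE [source-address="203.0.113.7" '
        'destination-address="192.0.2.10" policy-name="web-in" '
        'source-zone-name="untrust" destination-zone-name="trust"]'
    ),
    # Deny written without key="value" fields: the zone is a bare word.
    "deny_no_kv": (
        'fw01 RT_FLOW: RT_FLOW_SESSION_DENY: session denied '
        '203.0.113.7/51515->192.0.2.10/23 deny-all untrust trust'
    ),
}


def route(raw, pattern=SRX_DROP_DENY):
    """Simplified model of the transform: an unanchored match on the raw
    event sets queue to nullQueue; anything else stays in indexQueue."""
    return "nullQueue" if re.search(pattern, raw) else "indexQueue"


def route_all(events=SAMPLE_EVENTS):
    """Map each sample name to the queue the pattern would select."""
    return {name: route(raw) for name, raw in events.items()}


if __name__ == "__main__":
    for name, queue in route_all().items():
        print(f"{name:15} -> {queue}")
```

If a line captured from the firewall routes to `nullQueue` here but is still being indexed, the pattern itself is not the part that is failing.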