FortiGate
Dongkwan
Staff
Article Id 249772
Description

This article explains why syslog free-style filters do not work as configured after a firmware upgrade from a 6.4.x release to 7.0.x or 7.2.x.


In v6.4, a filter with 'set filter-type include' on a specific log ID forwarded only the matching logs to the syslog server, as expected.

With the same settings on v7.0, the logs were no longer filtered and forwarded in that way.

Scope

FortiGate v7.0 or v7.2+ GA releases.
Solution

This is by design. A free-style filter is intended to filter specific logs within one category; the filter does not apply to other categories.

show log syslogd filter
config log syslogd filter
    config free-style
        edit 1
            set category attack
            set filter "logid 0419016384"
            set filter-type include
        next
    end
end

 

With the above configuration, all logs from other categories pass through, but for the 'attack' category only logs with 'logid 0419016384' are forwarded.
In v6.4 it was not possible to specify a category; v7.0 improved this so that filters can be set in more detail, per category.

 

A filter entry must be configured for each other category that should be included or excluded. The CLI syntax has changed to the free-style filter as follows.

CLI Setting:

 

V6.4:

 

config log syslogd filter
Description: Filters for remote system server.
    set anomaly [enable|disable]
    set filter {string}
    set filter-type [include|exclude]
    set forward-traffic [enable|disable]
    set gtp [enable|disable]
    set local-traffic [enable|disable]
    set multicast-traffic [enable|disable]
    set severity [emergency|alert|...]
    set sniffer-traffic [enable|disable]
    set voip [enable|disable]
end

 

Related document:

config log syslogd filter

 

V7.0 or v7.2 and later:

 

config log syslogd filter
Description: Filters for remote system server.
    set anomaly [enable|disable]
    set forward-traffic [enable|disable]
    config free-style
    Description: Free style filters.
        edit <id>
            set category [traffic|event|...]
            set filter {string}
            set filter-type [include|exclude]
        next
    end
    set gtp [enable|disable]
    set local-traffic [enable|disable]
    set multicast-traffic [enable|disable]
    set severity [emergency|alert|...]
    set sniffer-traffic [enable|disable]
    set voip [enable|disable]
    set ztna-traffic [enable|disable]
end
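The per-category behaviour described in the Solution (an 'attack' entry restricts only attack logs, every other category passes unfiltered until it gets its own entry) can be checked offline with the following model. This is an added example, not Fortinet's code or FortiOS output: the log records, the extra logids and the second 'traffic' entry are constructed, and the accepted filter grammar (field/value terms joined by 'and'/'or', optional leading 'not') is an assumption chosen to cover the article's "logid 0419016384" form. How FortiOS combines several entries for the same category is also an assumption (every entry must allow the record).

```python
"""Model of how FortiOS syslog free-style filters select log records.

Added example, not Fortinet's code: it reproduces the per-category
semantics the article describes so the v6.4 -> v7.0 change can be
checked offline. The log records and extra logids are constructed, and
the filter grammar accepted (field/value terms joined by 'and'/'or',
optional leading 'not', 'and' binding tighter) is an assumption that
covers the article's "logid 0419016384" form.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FreeStyleFilter:
    category: str     # FortiOS log category the entry applies to, e.g. "attack"
    expr: str         # the 'set filter' string, e.g. "logid 0419016384"
    filter_type: str  # "include" or "exclude"


def _parse(expr):
    """Split 'f1 v1 and not f2 v2 or f3 v3' into (negate, field, value) terms and operators."""
    tokens = expr.split()
    terms, ops = [], []
    i = 0
    while i < len(tokens):
        negate = tokens[i].lower() == "not"
        if negate:
            i += 1
        if i + 1 >= len(tokens):
            raise ValueError(f"dangling term in filter {expr!r}")
        terms.append((negate, tokens[i], tokens[i + 1]))
        i += 2
        if i < len(tokens):
            op = tokens[i].lower()
            if op not in ("and", "or"):
                raise ValueError(f"expected and/or, got {tokens[i]!r} in {expr!r}")
            ops.append(op)
            i += 1
    return terms, ops


def matches(expr, record):
    """True when the record (dict of log field -> value) satisfies the filter expression."""
    terms, ops = _parse(expr)
    values = [(str(record.get(field, "")) == value) != negate for negate, field, value in terms]
    # 'and' groups are evaluated first; any group that is fully true satisfies the 'or' chain
    groups, current = [], [values[0]]
    for op, val in zip(ops, values[1:]):
        if op == "and":
            current.append(val)
        else:
            groups.append(current)
            current = [val]
    groups.append(current)
    return any(all(group) for group in groups)


def forwarded_v64(record, flt):
    """v6.4 behaviour from the article: one global filter is applied to every log."""
    hit = matches(flt.expr, record)
    return hit if flt.filter_type == "include" else not hit


def forwarded_v7(record, filters):
    """v7.0/v7.2 behaviour from the article: an entry only affects its own category,
    and a category with no entry is forwarded unfiltered. Several entries for one
    category are combined so that every entry must allow the record (assumption)."""
    applicable = [f for f in filters if f.category == record["category"]]
    for f in applicable:
        hit = matches(f.expr, record)
        if (f.filter_type == "include" and not hit) or (f.filter_type == "exclude" and hit):
            return False
    return True


# Constructed sample records; only logid 0419016384 comes from the article.
SAMPLE_LOGS = [
    {"category": "attack", "logid": "0419016384", "srcip": "10.0.0.5"},
    {"category": "attack", "logid": "0419099901", "srcip": "10.0.0.6"},
    {"category": "traffic", "logid": "0000099902", "srcip": "10.0.0.7"},
    {"category": "event", "logid": "0100099903", "srcip": "10.0.0.8"},
]

# The article's configuration: include only logid 0419016384 for the attack category.
ARTICLE_FILTER = FreeStyleFilter("attack", "logid 0419016384", "include")


def demo():
    """Return the forwarded logids under v6.4, under v7 with the article's single entry,
    and under v7 once a second entry (constructed) also filters the traffic category."""
    v64 = [r["logid"] for r in SAMPLE_LOGS if forwarded_v64(r, ARTICLE_FILTER)]
    v7_single = [r["logid"] for r in SAMPLE_LOGS if forwarded_v7(r, [ARTICLE_FILTER])]
    per_category = [ARTICLE_FILTER, FreeStyleFilter("traffic", "srcip 10.0.0.7", "exclude")]
    v7_two = [r["logid"] for r in SAMPLE_LOGS if forwarded_v7(r, per_category)]
    return v64, v7_single, v7_two


if __name__ == "__main__":
    for label, ids in zip(("v6.4 global", "v7 attack-only", "v7 attack+traffic"), demo()):
        print(f"{label:18s} -> {ids}")
```

Running it shows the difference the article reports: under the v6.4 model only the single attack log is forwarded, while under the v7 model the same entry lets every traffic and event log through untouched, and only adding a second entry with 'set category traffic' changes what the traffic category sends to the syslog server.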

 

Related documents:

config log syslogd filter

Technical Tip: Using syslog free-style filters

Technical Tip: Configuring advanced syslog free-style filters