security firewall name <name> rule <rule-number> log
Enables or disables per-packet logging of firewall rule actions. Use only for debugging purposes.
Actions are not logged.
- name
- The name of a firewall rule set.
- rule-number
- The numeric identifier of a rule. The identifier ranges from 1 through 9999.
Configuration mode
security {
firewall {
name name {
rule rule-number {
log
}
}
}
}
Use the set form of this command to enable or disable logging of firewall rule actions.
Use this type of logging only for debugging purposes. Per-packet logging occurs in the forwarding paths and can greatly reduce the throughput of the system and dramatically increase the disk space used for the log files. For all operational purposes, use stateful session logging instead of per-packet logging (see security firewall session-log <protocol>).
Use the delete form of this command to delete the logging value for a rule.
Use the show form of this command to display the logging value for a rule.