Filters' Descriptions and Configuration

Select Action Filter

ID: select-action

This filter specification can be used to select only the firewall events that were permitted or denied.

Parameters

action_match

This parameter contains the action that should selected:

denied

Select only denied events.

permitted

Select only permitted events.

-

This is also a possible action when we can't determine from the log information if this event was denied or permitted.

Defaults to denied.