How do I configure ROS to only log dropped packets from the firewall to a remote syslog server?
I’ve setuped logging like:
/system logging print
Flags: X - disabled, I - invalid
# TOPICS ACTION PREFIX
0 info memory
1 error memory
2 warning memory
3 critical echo
4 ipsec memory
5 info remote
6 error remote
7 warning remote
8 firewall remote
9 ipsec remote
10 system remote
And in the firewall I have a an action=log rule to log packets not accepted.
However those logged packets seems to be logged as both info and firewall topics so my memory log on the firewall is filled with firewall entries. I only want this forwarded to my remote log server.
So you do I setup ROS to only log them as topic firewall so I can send them to the appropriate destination?
I thought as a workaround I could use log-prefix to mark the loglines and then in /system logging direct a specific log-prefix to a defined destination, but that doesn’t seem to be possible either.