Hi,
I have a logging rule designed to send an email if the firewall action log contains a prefix “must match” for example. The firewall rule works correctly and adds the prefix to the log like “must match input: xxxxxx…”
The problem is the logging rule seems to attach that prefix to other rules in the log the don’t include “must match” in the prefix. So I am getting emails from things log from the firewall that do contain my match prefix.
Any ideas?
Thanks!