Logs show different logs than expected



  • I'm troubleshooting why a mail server isn't receiving mail so I watch the logs. I've enabled logging in the firewall rule and I see traffic that I filter by, come and go. Why do the logs show one set of data one time, then 10 seconds later a different set - shouldn't it include the log results from the last "apply filter"? If I want to see all "destination port" traffic for port 25, I should be able to see it in the Status \ System Logs\ Firewall \ Normal View. What am I misunderstanding?

    Thx


  • Rebel Alliance Developer Netgate

    You'll need to provide some examples of what you mean there. When you set a rule to log and then save/apply you will see a log entry for all new connections made from that point on -- not for every packet and not for connections already open when you clicked the apply button.

    If you want to see every packet of incoming traffic at that moment, use a packet capture, not the firewall log.