Logs show different logs than expected
-
I'm troubleshooting why a mail server isn't receiving mail so I watch the logs. I've enabled logging in the firewall rule and I see traffic that I filter by, come and go. Why do the logs show one set of data one time, then 10 seconds later a different set - shouldn't it include the log results from the last "apply filter"? If I want to see all "destination port" traffic for port 25, I should be able to see it in the Status \ System Logs\ Firewall \ Normal View. What am I misunderstanding?
Thx
-
You'll need to provide some examples of what you mean there. When you set a rule to log and then save/apply you will see a log entry for all new connections made from that point on -- not for every packet and not for connections already open when you clicked the apply button.
If you want to see every packet of incoming traffic at that moment, use a packet capture, not the firewall log.