Extraneous Logging Entries
I have a situation where we are running some equipment in front of, but connected to the same layer 2 switch as our firewall. This equipment is using keepalived to load balance itself. The problem is that the vrrp entries are coming through into the firewall and I am struggling running testing because I get failures that I cannot find in the logs due to the flood of entries.
Is there a way to shut these things off?
It's a huge waste of time for me to be hacking my way to find that needle in a haystack buried in the logs.
Before the "unseen default deny rule" I put explicit deny rule/s on WAN that block and not log whatever garbage there is on WAN that I cannot do anything about and do not care about. For example, one of my ISPs has a lot of rubbish floating about on their internal network that provides the final metro wireless hop to us.
Status->System Logs->Settings you can also disable logging of the default deny rule. Then put rules yourself to explicitly block and log stuff you want to see. But usually you want to see the stuff that you are not expecting, i.e. things that do not match any of the rules you thought up.