
Immutable fwrule IDs

Example log:

<30>2019:10:15-08:29:51 gateway ulogd[18690]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="32" initf="eth6.110" outitf="eth1" srcmac="00:24:06:aa:aa:aa" dstmac="00:1a:8c:bb:bb:bb" srcip="192.168.x.y" dstip="192.0.2.74" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="50421" dstport="443" tcpflags="ACK"

I really like the fwrule="32" info in the log data for troubleshooting. But whenever I add a firewall rule, all subsequent rules (higher fwrule IDs) will increment their fwrule IDs by one, thus breaking the log/fwrule association for all past logs.

Is there any "immutable" identifier for rules which can help to associate past log data with current fw rulesets? And if not, what are the best practices for workarounds?
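An added example, not part of the original post and not vendor code: it parses a log line in the format quoted above and maps the logged fwrule number to the number that rule has today. It assumes the insert-only renumbering the post describes and a hypothetical, locally kept change journal (`JOURNAL`) recording when a rule was inserted and at which position; the sample line and the journal entries are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log line quoted in the post.
SAMPLE = ('<30>2019:10:15-08:29:51 gateway ulogd[18690]: id="2002" '
          'sub="packetfilter" action="accept" fwrule="32" '
          'srcip="192.168.10.20" dstip="192.0.2.74" dstport="443"')

# Hypothetical change journal (an assumption, kept by the administrator):
# (time of the change, position at which a new rule was inserted).
JOURNAL = [
    (datetime(2019, 10, 20, 9, 0, 0), 12),
    (datetime(2019, 11, 2, 14, 30, 0), 40),
    (datetime(2019, 11, 5, 8, 0, 0), 33),
]

TS_RE = re.compile(r"^<\d+>(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ")
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one log line plus its timestamp."""
    m = TS_RE.match(line)
    if not m:
        raise ValueError("unrecognised timestamp prefix")
    fields = dict(KV_RE.findall(line))
    fields["time"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    return fields


def current_rule_id(logged_id, logged_at, journal):
    """Replay insertions made after the log entry, oldest first.

    An insertion at or before the rule's position at that moment pushes
    the rule down by one, so the comparison uses the running value.
    """
    rule_id = logged_id
    for changed_at, position in sorted(journal):
        if changed_at > logged_at and position <= rule_id:
            rule_id += 1
    return rule_id


def resolve(line, journal=JOURNAL):
    """Map the fwrule number in a historical log line to today's number."""
    fields = parse_line(line)
    return current_rule_id(int(fields["fwrule"]), fields["time"], journal)
```

Rule deletions and reordering are not modelled, since the post describes only additions.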


