FortiGate
Sabk_FTNT
Staff
Article Id 195646

Description

Application Control generates two logs by default: 'Traffic' log and 'Application Control' log.

This article explains the differences between these log messages and explains how to disable one type of logging or the other.


Scope

UTM Application control logging


Solution

Traffic log message generated by UTM application control

[Screenshot: traffic log message]


Application control log message

[Screenshot: application control log message]


These two log messages correspond to the same traffic flow.

The following information is found in only one type of log:

In Traffic log only:
  • Volume of traffic (sent and received bytes, sent and received packets)
  • Traffic shaping counters
  • NAT details (source and destination NAT)
  • VPN details
In Application log only:
  • Application Control list
  • Message
  • Attack ID
  • UTM type

Disabling Application Control log (CLI only)

Disable it at the application control list level with set log disable.  For example:
config application list
   edit "test-appl"
      config entries
         edit 1
            set action pass
            set application 16339 15889
            set log disable
         next
      end
   next
end

Disabling Traffic Log for Application Control events (CLI only)

Disable it at the policy level with set logtraffic-app disable.  For example:
config firewall policy
   edit 572
      set srcintf "port1"
      set dstintf "port2"
      set srcaddr "all"
      set dstaddr "all"
      set action accept
      set schedule "always"
      set service "ANY"
      set utm-status enable
      set logtraffic-app disable
      set application-list "test-appl"
      set profile-protocol-options "default"
   next
end
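
An added example (not part of the original article and not Fortinet tooling): a small Python audit over a configuration backup that reports, per firewall policy, whether the two settings above have switched off either log. The sample config is constructed, and treating an absent setting as "logging on" assumes the 4.0 MR3 default described in this article.

```python
# Constructed sample; uses only settings shown in this article.
SAMPLE = '''config application list
    edit "test-appl"
        config entries
            edit 1
                set application 16339 15889
                set log disable
            next
        end
    next
end
config firewall policy
    edit 572
        set logtraffic-app disable
        set application-list "test-appl"
    next
    edit 573
        set application-list "test-appl"
    next
end
'''

def parse(text):
    """Map each edit-block path, e.g. ('firewall policy', '572'), to its settings."""
    path, out = [], {}
    for line in text.splitlines():
        tok = line.strip().split(None, 2) or [""]
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]).strip('"'))
        elif tok[0] in ("end", "next") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) == 3:
            out.setdefault(tuple(path), {})[tok[1]] = tok[2].strip('"')
    return out

def audit(text):
    """For each policy with an application list, report which logs remain enabled."""
    cfg, report = parse(text), {}
    for path, s in cfg.items():
        if path[:1] == ("firewall policy",) and "application-list" in s:
            prefix = ("application list", s["application-list"], "entries")
            silent = sorted(p[3] for p, e in cfg.items()
                            if len(p) == 4 and p[:3] == prefix and e.get("log") == "disable")
            # Assumption: an absent setting means logging is on (the 4.0 MR3 default).
            report[path[1]] = {"traffic_log": s.get("logtraffic-app") != "disable",
                               "appctrl_silent_entries": silent}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A policy that shows traffic_log as False together with a non-empty appctrl_silent_entries list produces neither log for those application entries, which is the combination to review first.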

 

With 4.0 MR3, a new default logging behaviour for application control was introduced: by default, application control generates logs in both the "Traffic Log" and the "Application Control Log".

With 5.0 this behavior will change, and by default application control will generate logs only in the "Traffic Log".