04-23-2020 05:05 AM
Greetings, long time listener first time caller.
So this question has been brought up several times in my Organization and although I have never spent extensive time looking for a feature, it is always in the back of my mind when I am working on the FW. So like everyone I tend to use up more than my fair share of syslog/Splunk space. I have cut back on what I am logging and am always up against that when I add new features. What I am wondering is am I missing some feature that allows you to not log every session? By that I mean you are logging dropped traffic, someone is attempting some attack, in the logs it might have the same entry 100 times in a minute say. Is there any way to say only log the first one? My understanding is you log something or you don't. I can log say blocked RDP attempts or not, but I can't say only log the first one or only like 1 out of every 10 identical attempts or anything like that? I know you can do a lot of this with filters for Splunk, just wondering if you can do any on the FWs or on Panorama before it is sent to syslog.
Thanks
Joe.
04-23-2020 06:28 AM
Hi @jdemares
# set deviceconfig setting logging log-suppression yes
This enables a repeat count for such events, so you only get one log with a repeat count instead of 100 logs 🙂
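An added illustration, not part of the replies above and not PAN-OS code: a small Python model of repeat-count suppression, showing why anything that counts attempts downstream (a Splunk search, for example) should sum the repeat count instead of counting log lines. The 5-second window, the match key and all field names are assumptions made for this example.

```python
from collections import namedtuple

# Constructed model of repeat-count log suppression; not firewall code.
# ASSUMPTION: the window length and the fields in the match key are illustrative.
WINDOW_SECONDS = 5

Event = namedtuple("Event", "ts src dst dport app action")


def suppress(events, window=WINDOW_SECONDS):
    """Collapse identical events that arrive within `window` seconds of the
    first logged one into a single record that carries a repeat count."""
    records = []
    open_record = {}  # match key -> index of the record still accepting repeats
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src, ev.dst, ev.dport, ev.app, ev.action)
        idx = open_record.get(key)
        if idx is not None and ev.ts - records[idx]["first_ts"] < window:
            records[idx]["repeat"] += 1  # suppressed: only the counter changes
        else:
            open_record[key] = len(records)
            records.append({"first_ts": ev.ts, "key": key, "repeat": 1})
    return records


def attempts_per_source(records):
    """Recover true attempt counts by summing repeat counts, not counting lines."""
    totals = {}
    for rec in records:
        src = rec["key"][0]
        totals[src] = totals.get(src, 0) + rec["repeat"]
    return totals


def sample_events():
    """Constructed sample: 100 blocked RDP attempts over 10 s from one source
    (10 per second), plus a single attempt from a second source."""
    events = [Event(i // 10, "198.51.100.7", "10.0.0.5", 3389, "ms-rdp", "deny")
              for i in range(100)]
    events.append(Event(3, "203.0.113.9", "10.0.0.5", 3389, "ms-rdp", "deny"))
    return events


if __name__ == "__main__":
    recs = suppress(sample_events())
    print(len(recs), "log records instead of", len(sample_events()))
    print(attempts_per_source(recs))
```

Any alert threshold written as "N log lines per minute" has to be re-expressed in terms of the summed repeat count once suppression is on, or it will stop firing.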