Policies are always evaluated.
I'm guessing you're looking for a tap interface:
If this isn't what you're looking for then I'd recommend filing a feature request.
Logging every new packet will likely flood you with logs that aren't really valuable, but you can do it. For each policy that will be evaluated, select "Log at session start" under the Actions tab in the security rule.
Every single new packet that gets installed as a new session will be logged before the rules themselves are processed. This will increase the load on the management plane, because of the extra logging. It will also reduce the number of completed logs you can store, since you're effectively logging everything twice.
What problem are you trying to solve? Maybe your use case will help the community understand the goal, and get you there without using the policy approach you're attempting.
Sorry, that seems a bit silly. I already log all policies, so currently each packet creates 1 log entry. So if I was stupid and added any any log then I would double the amount of logging.
Sorry, what extra logging? Each packet is processed as it is already.
For example, in iptables I can have chains that process lines and just log them. So let's say I want to see all the packets from a specific host that meet a specific criteria. But I don't want to allow it; I just want to register it in the logs and then have the normal process of the rules happen.
Not possible in the way you're describing it as far as I know. The rule will always be evaluated as per the action you configured on it.
I'd use the TAP solution as proposed earlier or a 3rd party solution like SNORT could maybe help you.
I can see how this can be useful 🙂
It wouldn't hurt asking your local SE to file a feature request for this.
If it gets enough votes then it might be added to a future release.