Cyber Elite

@gleduc,

You can grab the addresses reported in the EDL from the firewall via CLI or SSH and script checking logs against them individually easily enough. By themselves the logs don't have any knowledge of the EDLs, and the search function will only search for address or address-group objects; it completely ignores EDLs.

This is primarily due to the sheer size supported by the EDLs. You wouldn't want the firewall to search through thousands of addresses when you attempt to pull search results. 
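A sketch of the offline check described in the reply above, added as an example and not part of the original post. It assumes the EDL entries have already been saved as text (single IPs, CIDR blocks, or `start-end` ranges, one per line) and that the traffic log was exported as CSV; the column names and all sample data are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample EDL contents: single IP, CIDR block, address range.
EDL_TEXT = """\
198.51.100.7
203.0.113.0/28

192.0.2.10-192.0.2.20
"""

# Constructed sample log export; the column names are assumptions.
LOG_CSV = """\
Receive Time,Source address,Destination address,Action
2024/01/01 10:00:01,10.1.1.5,203.0.113.9,allow
2024/01/01 10:00:02,10.1.1.6,8.8.8.8,allow
2024/01/01 10:00:03,192.0.2.15,10.1.1.7,deny
2024/01/01 10:00:04,10.1.1.8,192.0.2.21,allow
"""

def parse_edl(text):
    """Turn EDL lines into a collapsed list of ip_network objects."""
    nets = []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue  # skip blank lines
        if "-" in entry:
            # A start-end range becomes the minimal set of covering CIDRs.
            first, last = (ipaddress.ip_address(p.strip())
                           for p in entry.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    # collapse_addresses() rejects mixed versions, so collapse per family.
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))

def match_logs(csv_text, nets,
               fields=("Source address", "Destination address")):
    """Return (time, field, address) for every log address covered by the EDL."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in fields:
            addr = ipaddress.ip_address(row[field])
            if any(addr in n for n in nets):
                hits.append((row["Receive Time"], field, str(addr)))
    return hits
```

Matching happens on the workstation against the exported data, so the size of the list does not add any search load on the firewall.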
