Log forwarding - Filtering and Auto-tag not working

L0 Member

Hi there,

 

I had set up a Log Forwarding profile, where I am sending all logs to a syslog server. That's working great.

LogForwarding.png

 

Then I added one more line where I am filtering threat logs for (severity eq critical) and (zone.src eq internet_zone).

MatchingList.png

 

I checked the filter results with Filter Builder and it's showing the exact values I am looking for.

filter.png

 

Then I added Built-in Actions and want to tag the source address with the tag "Hacker-IP".

Action.png

 

I have a dynamic address group "Auto Blacklist Attacker" where Match is set up for the "Hacker-IP" tag.

AddressGroup.png

 

After a week of trying, none of the IP addresses has been added to this Address Group. But as you can see from checking the filter setup, there were plenty of hits...

 

I tried manually adding the tag "Hacker-IP" to one of my address objects, and it automatically showed up in the dynamic group.

 

Why is Auto-tag not working in the Log Forwarding profile? Did I miss something?

Thank you for your help.

 

 

Model: PA-440

Software: 10.2.6

 
