Two Questions about Firewall Logging

Hi everyone:

I had a question about firewall logging in regards to the truncating of the firewall rule name for the purpose of logging. An example firewall rule name in my instance is “ExternalInterface-Incoming”, but in a logged rule hit it gets truncated to “ExternalInterface-I-4-D”. Based on my cursory investigation, am I correct in stating that the “4” is the corresponding rule number in that firewall name and the “D” is deny (where “A” would be allow)?

I’m hoping that’s the case - I’m setting up some syslog filters and need to key in on allow/deny, so I’m wanting to confirm that the letter on the end indicates the action since it is not explicit in any other part of the log. Thanks!


number 4 is for rule number
D is for Deny
A for Allow