Guidelines and Limitations for Advanced Logging

  • Advanced logging can degrade network performance if used without filters in the access control rule. To reduce the volume of logs, use access control rules to filter specific traffic types, and use networks and ports to limit logging to a particular network configuration.

  • Enabling advanced logging for all protocols can impact the Firewall Threat Defense device's performance. Configure advanced logging selectively to avoid increased device memory consumption.

  • Advanced logging is supported only on Snort 3-based Firewall Threat Defense devices running Version 10.0 or later.

  • Advanced logging does not support sending logs to a syslog server configured in the platform settings. To send events to the default logging destination configured in the access control policy, you must configure a syslog alert server as that default logging destination.

  • Advanced logging does not support Splunk profiles that use data interfaces for sending events to Splunk. To send events to Splunk, you must configure the Splunk profile to use the management interface for sending events. For more information about configuring a Splunk profile, refer to Splunk Integration: Send Events Directly from Management Center.