I have MDS version 80.10 and Gateways running 77.30 with multiple VFs. I was hoping to log all out of state packets received by the firewall to be logged? Is there an inspect command that can help us achieve that?
On Firewall Management: fwm logexport -n -p | grep state
On Firewall Gateway: fw ctl zdebug drop | grep state
# fwm logexport -help
Usage:fwm logexport [-d delimiter] [-i filename] [-o filename] [-f|-t] [-x start_pos] [-y end_pos] [-z] [-n] [-p] [-a] [-u unification_scheme_file] [-m (initial|semi|raw)]Where:-d - Set the output delimiter. Default is ';'.-i - Input log file name. Default is the active log file, fw.log.-o - Output file name. Default is printing to the screen.-f - Only in case of active log file - Upon reaching end of file, wait for new records and export them as well.-t - Same as -f flag, only start at end of file.-x - Start exporting at the specified position.-y - End exporting at the specified position.-z - Continue exporting the next records, in case of an error. Default is to stop exporting.-n - No IP resolving. Default is to resolve all IPs.-p - No port resolving. Default is to resolve all ports.-a - Export account records only. Default is export all records.-u - Unification scheme file name. Default is log_unification_scheme.C.-m - Unification mode: initial-order, semi-unified, or raw. Default is 'initial'.
In Global Properties:
Retrieving data ...