Thanks for the quick response. Can you please let me know where we can find "Log Matching Traffic" and also what is the purpose of it?
Thanks in advance
Edit your firewall rules (the rule name is in the Activity log; last column) in your Firewall Rules policy. The setting is on the Description page.
Log matching traffic indicates that a record of matching traffic is preserved in the Host IPS Activity Log (event.log) on the client.
Thank you very much for explaining with the screenshots. If I understand correctly, Log all matching traffic means. For example, if a rule is set to allow the traffic A and it is placed at top in the Firewall rules and a different rule is set to block the traffic A and it is placed below. Allow will take precedence and it will be logged in the Activity log. Please correct me if I am wrong.
Log matching traffic simply means that if network traffic matches that particular rule, it will log to the Activity log file, regardless of the LOG ALL BLOCKED or LOG ALL ALLOWED traffic options.