I am interested in logging to a text file all connections that are permitted through one of my rules. Much like the "view audit" feature when you are looking at the Rules page. Any thoughts
I have a 410f version 7
Try this command:
$> acat -e "rule_name 'Your rule'" > rule.txt
- If the rule name has spaces you must put the name in 'single-quotes'
That will show you the audit events for that rule name.
Retrieving data ...