Create rules from log entries

You can use log entry details to generate new rules.

To convert a log entry to a rule, the log entry must be created based on a rule (the entry contains a rule tag). Creating a rule this way allows you to make quick exceptions to the current policy. You can create the following types of rules:
  • A rule that allows a connection from an entry that logs stopped traffic
  • A rule that stops a connection from an entry that logs allowed traffic
  • A rule that changes the log level or stops the logging of matching connections

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Logs.
  2. Highlight the rows you want to include in the operation. You can select multiple log entries to create several rules in the same operation.
    Note:

    Do not include incompatible entries in the selection:

    • If you select multiple log entries, the Sender of all entries must be the same component.
    • All selected entries must have a value in the Rule Tag field. (Entries must be created by rules in a policy.)
  3. Right-click a selected log entry. Under Create Rule, select an option.
    Note: The selection determines how the handling of matching connections is changed.
  4. (Optional) Click Select, then change to the policy where the new rule is added. (For example, you can insert the rule in a subpolicy instead of the main policy.)
  5. (Optional) Edit the Comment.
    The comment is added to the rule’s Comment cell.
  6. Select the Action. All actions create the displayed rules at the beginning of the first insert point in the selected policy. You can also optionally install the policy with the new rule or open the policy for editing (with the new rule highlighted for you).
    Note: You cannot edit the rule in this dialog box. To edit the rule, select Add Rules and Edit the Policy.
  7. Click OK.

New Rule Properties dialog box

Use this dialog box to convert a log entry to a rule and add it to a policy.

Option Definition
Policy The policy that the rule will be added to.
Select Opens the Select Element dialog box.
Comment

(Optional)

 A comment for your own reference.
Rules table Shows the rule that will be added. You cannot edit the rule in this dialog box.
Action Specifies the Action. All actions create the displayed rules at the beginning of the first insert point in the selected policy.
  • Add Rules and Refresh the Policy — Adds the rules, then refreshes the policy.
  • Add Rules and Edit the Policy — Adds the rules, then opens the policy for editing.
  • Add Rules — Adds the rules only.