We upgraded from ASAs a while back and when transferring policies and objects over to the new system, many, if not most, of the items took a generic name, such as "DM_INLINE_xyz" or "Outside_connection_#xxx", which makes it difficult to know what the policy is by looking at it. We discovered one we would like to audit and break out tighter policies from it since it seems rather broad, but we're trying to figure out how to do that best. Juniper FWs default syslog messages show the policy that denies or permits the traffic, but Cisco FTDs don't seem as detailed. We would be able to see what this specific policy is doing in syslogs if it showed policies in use.
Is there a way to do this, or is there a way we could see in real time what traffic is traversing specific policies other than using the packet tracer?