FMC Logging Best Practices

de1denta
Level 3

Hi All,

I just wanted to check what the best practices are with logging against access control policy rules, specifically logging at the beginning of a connection vs logging at the end of a connection? I know that it's not recommended to log both the beginning and the end, to reduce the number of connection events.

I also understand that blocked rules should log at the beginning of a connection as there is no end connection; however, with trust and allowed rules that we use (and that we need to log for compliance reasons), is there a preference to use one over the other?

Many thanks
