Showing Rule ID in Syslog
For large customers handling 10K+ messages per second, including rule IDs in the Syslog events will substantially increase the volume of recorded data.
In release 25.1.0, an organization-level feature flag, rule_info_exposure_to_syslog (disabled by default), was added. This flag controls whether rule ID information is included in the syslog messages.
To add the rule IDs to the syslog events, the API optional_features_put was changed by adding the new property rule_info_exposure_to_syslog.
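The following script is an added example, not code from the Illumio documentation: it toggles the rule_info_exposure_to_syslog flag through the optional features API and reads the flag list back so the change can be verified. The endpoint path /api/v2/orgs/${ILO_ORG_ID}/optional_features and the request body shape ([{"name": ..., "enabled": ...}]) are assumptions; the ILO_* environment variables are the ones the page's own curl command uses.

```shell
#!/usr/bin/env sh
# Added example (not Illumio's code). Assumed endpoint and body shape:
#   PUT https://${ILO_SERVER}/api/v2/orgs/${ILO_ORG_ID}/optional_features
#   body: [{"name":"<flag>","enabled":true|false}]
# Remember: enabling this flag raises syslog volume on busy PCEs.
set -eu

FLAG_NAME="rule_info_exposure_to_syslog"

# Build the JSON body for one optional feature flag; rejects bad values.
build_optional_feature_body() {
  name="$1"; enabled="$2"
  case "$enabled" in
    true|false) ;;
    *) echo "enabled must be true or false, got: $enabled" >&2; return 1 ;;
  esac
  printf '[{"name":"%s","enabled":%s}]' "$name" "$enabled"
}

# URL of the (assumed) optional-features resource for an org.
optional_features_url() {
  printf 'https://%s/api/v2/orgs/%s/optional_features' "$1" "$2"
}

# Fetch the current flag list so the result can be checked after the PUT.
get_optional_features() {
  curl -fsS -u "api_${ILO_API_KEY_ID}:${ILO_API_KEY_SECRET}" \
    "$(optional_features_url "$ILO_SERVER" "$ILO_ORG_ID")"
}

# Set one flag. DRY_RUN=1 prints the request instead of sending it.
set_optional_feature() {
  body="$(build_optional_feature_body "$1" "$2")"
  url="$(optional_features_url "$ILO_SERVER" "$ILO_ORG_ID")"
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'PUT %s\n%s\n' "$url" "$body"
    return 0
  fi
  curl -fsS -u "api_${ILO_API_KEY_ID}:${ILO_API_KEY_SECRET}" \
    -H "Content-Type: application/json" -X PUT -d "$body" "$url"
}

# Run with --apply to enable the flag and print the flag list afterwards.
if [ "${1:-}" = "--apply" ]; then
  set_optional_feature "$FLAG_NAME" true
  get_optional_features
fi
```

Run it once with DRY_RUN=1 to see the exact request before sending it against a production PCE.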
To provision the firewall settings via the PCE console, follow these steps:
In the PCE console, go to Settings > Event Settings.
In the Event Settings dialog, click Add next to Event Forwarding.
Select Local.
Select check boxes for all events: Organizational Events, System Events, Allowed, Potentially Blocked, Blocked, and System Health Messages.
Click Save.
Enabling the Rule Data via API
To set the flag enable_all_rule_hit_count_enabled via the API, use the following curl command:
curl -u api_${ILO_API_KEY_ID}:${ILO_API_KEY_SECRET} -H "Content-Type: application/json" -X PUT -d '{"rule_hit_count_enabled_scopes": [[]]}' https://${ILO_SERVER}/api/v2/orgs/${ILO_ORG_ID}/sec_policy/draft/firewall_settings
For more details about using the Rule ID feature via the API, see Showing Rule ID in Syslog.