Logging Firewall Activity

Learn how to improve your network security using firewall logs.

You can enable logging for your firewalls if the rules in the associated policy support it, and you are subscribed to Oracle Cloud Infrastructure Logging. Logs display log activity and the details of each logged event within a specified time frame. Logs show you when traffic triggers rules and help you improve security. For general information, see the Logging Service Documentation.

The Network Firewall service emits three log types:
  • Threat log: Provides details on received firewall threats.
  • Traffic log: Provides details on traffic passing through the firewall.
  • Tunnel inspection log: Provides details on mirrored VXLAN traffic passing through the firewall.
Logs are emitted to you based on a five minute interval from the dataplane. The dataplane also registers logs as they're received.
For more detail about log contents and examples, see Details for Network Firewall Logs.
Important

To use intrusion detection, you must enable logging.