I think the expected behavior of the command show log firewall name <name> is, that it shows any log entries created by the default-action and created by the rules of the specific firewall.
Instead the command shows the default-action log entries of all firewalls that have set enable-default-log.
It seems that the regular expression is not correct.
diff --git a/templates/show/log/firewall/name/node.tag/node.def b/templates/show/log/firewall/name/node.tag/node.def index 4e71fa0..7431f8a 100644 --- a/templates/show/log/firewall/name/node.tag/node.def +++ b/templates/show/log/firewall/name/node.tag/node.def @@ -1,5 +1,5 @@ help: Show log for a specified firewall allowed: local -a ARR=$(cli-shell-api -- listEffectiveNodes firewall name) echo "${ARR[@]//\'/}" -run: cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-[0-9]+|default-[ADR]\]" +run: cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]"