When troubleshooting firewall issues I usually run term mon, let the log run for 30 seconds and then stop it capture the output into notepad then do a find for the IP/subnet I am interested in.
This is surely not the most efficient way of doing this.
Is there a way of putting some kind of access list on the output of terminal monitor or do others log to a syslog and filter on that
I am keen to find a more efficient way of spotting a host in the logs when I am trying to troubleshoot why they can't connect to a resource.
Thanks
Roger